Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-26103 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
network
low complexity
sap
5.3
2022-03-10 CVE-2022-26104 Missing Authorization vulnerability in SAP Financial Consolidation 10.1
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
network
low complexity
sap CWE-862
5.3
2022-03-10 CVE-2022-24395 Unspecified vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2022-03-10 CVE-2022-24396 Unspecified vulnerability in SAP Simple Diagnostics Agent
The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005.
local
low complexity
sap
7.8
2022-03-10 CVE-2022-24397 Unspecified vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website.
network
low complexity
sap
6.1
2022-03-10 CVE-2022-24398 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
network
low complexity
sap
6.5
2022-03-10 CVE-2022-24399 Unspecified vulnerability in SAP Focused RUN 200/300
The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2022-03-10 CVE-2022-22547 Unspecified vulnerability in SAP Simple Diagnostics Agent
Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535.
network
low complexity
sap
7.5
2022-02-09 CVE-2022-22528 Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system.
local
low complexity
sap
7.8
2022-02-09 CVE-2022-22532 Unspecified vulnerability in SAP Netweaver Application Server Java
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling.
network
low complexity
sap
critical
9.8