Vulnerabilities > SAP

DATE | CVE | VULNERABILITY TITLE | RISK
Each entry gives the description, then the attack vector (network), the attack complexity (low/high), the vendor, the CWE, a severity label where one is assigned, and the risk score. Some entries are missing one or more of these fields.
2021-09-14 CVE-2021-38176 SQL Injection vulnerability in SAP products
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call the NZDT function modules listed in the Solution Section to execute a manipulated query or inject ABAP code, gaining access to the backend database.
network
low complexity
sap CWE-89
critical
9.0
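The entry above describes the classic pattern: caller input becomes part of the statement text rather than a bound value. The following is an added example (not code from this page or from SAP) that shows the same defect and its fix against an in-memory SQLite table. The table, column names and attack strings are constructed for illustration; the real issue sits in ABAP function modules, which cannot be run here, so SQLite stands in for the backend database.

```python
import sqlite3

# Constructed sample data standing in for a backend table that the caller is
# only supposed to query for its own department.
ROWS = [
    (1, "alice", "HR", 51000),
    (2, "bob", "HR", 48000),
    (3, "carol", "FINANCE", 92000),
    (4, "dave", "FINANCE", 88000),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (id INTEGER, name TEXT, dept TEXT, salary INTEGER)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", ROWS)
    return conn


def salaries_vulnerable(conn, dept):
    # Caller input is spliced into the statement text, so quote characters in
    # `dept` change the SQL grammar instead of being treated as data.
    sql = "SELECT name, salary FROM employees WHERE dept = '" + dept + "'"
    return conn.execute(sql).fetchall()


def salaries_parameterized(conn, dept):
    # Statement text is fixed; the input is bound as a value at execution time,
    # so the same payload simply matches no department.
    return conn.execute(
        "SELECT name, salary FROM employees WHERE dept = ?", (dept,)
    ).fetchall()


# Constructed attack strings (assumed, for illustration).
FILTER_BYPASS = "HR' OR '1'='1"
SCHEMA_DUMP = "' UNION SELECT sql, 1 FROM sqlite_master --"


def demo_filter_bypass():
    """Row counts returned for the tautology payload: (vulnerable, parameterized)."""
    conn = make_db()
    return (
        len(salaries_vulnerable(conn, FILTER_BYPASS)),
        len(salaries_parameterized(conn, FILTER_BYPASS)),
    )


def demo_schema_dump():
    """The vulnerable query can be turned into a read of the catalogue table."""
    return salaries_vulnerable(make_db(), SCHEMA_DUMP)
```

`demo_filter_bypass()` returns every employee from the concatenated query and nothing from the bound one; `demo_schema_dump()` shows that once the grammar is attacker-controlled, the query can be pointed at tables the caller was never meant to read, which is what "gain access to the backend database" means in practice.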
2021-09-14 CVE-2021-38177 NULL Pointer Dereference vulnerability in SAP Commoncryptolib 8.4.29/8.5.38
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to a NULL pointer dereference: when an unauthenticated attacker sends crafted malicious data in HTTP requests over the network, the SAP application crashes, with high impact on the availability of the SAP system.
network
low complexity
sap CWE-476
5.0
2021-08-10 CVE-2021-33699 Task Hijacking vulnerability in SAP Fiori Client 3.2
Task Hijacking is a vulnerability affecting applications running on Android devices whose AndroidManifest.xml misconfigures the task-control attributes of their activities.
low complexity
sap
3.3
2021-08-10 CVE-2021-33702 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50 do not sufficiently encode report data.
network
high complexity
sap CWE-79
2.6
2021-08-10 CVE-2021-33703 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal versions 7.30, 7.31, 7.40 and 7.50 do not sufficiently encode URL parameters.
network
high complexity
sap CWE-79
2.6
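The two Enterprise Portal entries above (CVE-2021-33702, report data; CVE-2021-33703, URL parameters) are the same mistake in two output contexts. The following added example (not code from this page or from SAP) renders a constructed report table and a paging link, first with raw string insertion and then with context-appropriate encoding: HTML entity encoding for text and attribute values, percent-encoding for the query string. The markup, parameter name and payload are assumptions made for illustration.

```python
import html
from urllib.parse import urlencode

# Constructed attacker input: breaks out of an attribute and injects a script.
PAYLOAD = '"><script>alert(1)</script>'
# Constructed report rows; the second "name" is attacker-controlled data.
REPORT_ROWS = [("Q1", "12"), (PAYLOAD, "7")]


def render_vulnerable(report_rows, page_param):
    # Both insertion points splice raw strings straight into the markup.
    cells = "".join(
        f"<tr><td>{name}</td><td>{value}</td></tr>" for name, value in report_rows
    )
    link = f'<a href="/portal/report?page={page_param}">next</a>'
    return f"<table>{cells}</table>{link}<p>Showing page {page_param}</p>"


def render_hardened(report_rows, page_param):
    # Text-node and attribute contexts: entity-encode. html.escape() with the
    # default quote=True also encodes " and ', so attribute breakouts fail.
    cells = "".join(
        f"<tr><td>{html.escape(name)}</td><td>{html.escape(value)}</td></tr>"
        for name, value in report_rows
    )
    # URL query context: percent-encode the parameter value first, then
    # entity-encode the finished URL because it sits inside an HTML attribute.
    query = urlencode({"page": page_param})
    link = f'<a href="{html.escape("/portal/report?" + query)}">next</a>'
    text = html.escape(page_param)
    return f"<table>{cells}</table>{link}<p>Showing page {text}</p>"


def contains_active_markup(doc):
    # Crude probe used below: an unencoded script tag or an attribute breakout
    # sequence means the encoding was insufficient.
    return "<script" in doc or '"><' in doc
```

The hardened output carries the payload only as `&quot;&gt;&lt;script&gt;...` in the table and as `page=%22%3E%3Cscript%3E...` in the link, so the browser renders it as text and as a query value rather than executing it. Encoding once, with the wrong scheme for the context, is what "does not sufficiently encode" usually turns out to mean.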
2021-08-10 CVE-2021-33706 Improper Input Validation vulnerability in SAP Infrabox
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
network
low complexity
sap CWE-20
4.0
2021-08-10 CVE-2021-33707 Open Redirect vulnerability in SAP Netweaver Knowledge Management
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component.
network
sap CWE-601
5.8
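The Knowledge Management entry above is an open redirect: a URL stored in a component is later used as a redirect target without checking where it points. The following added example (not code from this page or from SAP) is one way to validate such a stored URL before redirecting, including the tricks a naive "starts with /" check misses: protocol-relative `//host` URLs, backslash variants, `javascript:` schemes and credentials-in-URL (`trusted@evil`). The trusted host name and the default landing page are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the portal's own host name(s); anything else is off-site.
TRUSTED_HOSTS = {"portal.example.com"}


def is_safe_redirect(target, trusted_hosts=TRUSTED_HOSTS):
    """Return True only if `target` keeps the user on a trusted host."""
    if not target:
        return False
    # Browsers treat backslashes as forward slashes, so "/\evil.com" becomes
    # "//evil.com"; normalise before parsing rather than after.
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, vbscript: and friends
    if parts.netloc:
        # Absolute or protocol-relative URL. Compare the parsed hostname, not
        # the raw netloc, so "https://portal.example.com@evil.com/" is caught
        # (the trusted name is only the userinfo part there).
        return parts.hostname in trusted_hosts
    # No authority component: require a site-relative path. "//evil.com" never
    # reaches this branch because urlsplit puts evil.com into netloc, and a
    # bare "report.html" is rejected to keep the policy simple and explicit.
    return candidate.startswith("/") and not candidate.startswith("//")


def resolve_redirect(stored_url, default="/index.html"):
    """Use the stored URL if it is safe, otherwise a fixed landing page."""
    return stored_url if is_safe_redirect(stored_url) else default
```

The important design choice is the fallback: on rejection the user lands on a fixed local page rather than being shown the attacker's URL, so the phishing link simply stops working instead of producing a warning the user is likely to click through.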
2021-08-09 CVE-2014-9320 Improper Authentication vulnerability in SAP Businessobjects Edge 4.1
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
network
sap CWE-287
critical
9.3
2021-08-09 CVE-2015-2073 Path Traversal vulnerability in SAP Businessobjects Edge 4.0
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
network
low complexity
sap CWE-22
5.0
2021-08-09 CVE-2015-2074 Path Traversal vulnerability in SAP Businessobjects Edge 4.0
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
network
low complexity
sap CWE-22
5.0
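Both FRS entries above (CVE-2015-2073, read; CVE-2015-2074, write) are exploited with a full pathname rather than the usual `../` sequence. That detail matters: in most languages, joining a base directory with an absolute path silently discards the base. The following added example (not code from this page or from SAP) shows that failure mode in Python's `os.path.join` next to a resolver that rejects absolute paths, collapses `..` and symlinks with `realpath`, and then checks containment with `commonpath`; the same resolver guards both the read and the write path. Directory and file names are constructed for the demo.

```python
import os
import tempfile


def naive_resolve(base_dir, requested):
    # How a listener that trusts the client's file name behaves: os.path.join
    # throws away everything before an absolute component, so a "full pathname"
    # from the client replaces the repository root outright.
    return os.path.join(base_dir, requested)


def safe_resolve(base_dir, requested):
    """Map a client-supplied name onto a path inside base_dir, or return None."""
    root = os.path.realpath(base_dir)
    # Refuse absolute paths up front instead of letting join() swallow the root.
    # The backslash check covers Windows-style input on POSIX hosts.
    if os.path.isabs(requested) or requested.startswith(("/", "\\")):
        return None
    candidate = os.path.realpath(os.path.join(root, requested))
    # realpath collapses "..", repeated separators and symlinks; the result must
    # still sit under the root. commonpath avoids the "/repo" vs "/repo2"
    # string-prefix mistake.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def read_file(base_dir, requested):
    path = safe_resolve(base_dir, requested)
    if path is None:
        raise PermissionError(f"refused: {requested!r} is outside the repository")
    with open(path, "rb") as fh:
        return fh.read()


def write_file(base_dir, requested, data):
    path = safe_resolve(base_dir, requested)
    if path is None:
        raise PermissionError(f"refused: {requested!r} is outside the repository")
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Constructed layout: a repository with one file, and a secret next to it."""
    tmp = tempfile.mkdtemp()
    repo = os.path.join(tmp, "frs")
    os.makedirs(repo)
    with open(os.path.join(repo, "report.rpt"), "wb") as fh:
        fh.write(b"ok")
    secret = os.path.join(tmp, "secret.txt")
    with open(secret, "wb") as fh:
        fh.write(b"top secret")
    return {
        "naive_absolute": naive_resolve(repo, secret) == secret,  # root discarded
        "safe_absolute": safe_resolve(repo, secret),  # None
        "safe_dotdot": safe_resolve(repo, "../secret.txt"),  # None
        "safe_legit": read_file(repo, "report.rpt"),  # b"ok"
    }
```

`demo()["naive_absolute"]` being true is the whole bug: the "full pathname" is returned unchanged and would be opened as-is. A pattern that only strips `..` would pass the same input. Resolving first and then checking containment also catches the `..` form and symlinked directories, which is why the check is done on the resolved path rather than on the request string.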