Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-01-14 | CVE-2022-22529 | Cross-site Scripting vulnerability in SAP Enterprise Threat Detection 2.0 | SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs, which may allow an unauthorized attacker to exploit an XSS vulnerability. | 6.1 |
2022-01-14 | CVE-2022-22530 | Unspecified vulnerability in SAP S/4HANA | The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. | 8.1 |
2022-01-14 | CVE-2022-22531 | Unspecified vulnerability in SAP S/4HANA | The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. | 8.1 |
2021-12-14 | CVE-2021-42061 | Unspecified vulnerability in SAP BusinessObjects Business Intelligence Platform 420 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2021-12-14 | CVE-2021-42063 | Cross-site Scripting vulnerability in SAP Knowledge Warehouse | A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. | 6.1 |
2021-12-14 | CVE-2021-42064 | SQL Injection vulnerability in SAP Commerce | If configured to use an Oracle database and if a query is created using the flexible search Java API with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows an attacker to execute crafted database queries, exposing the backend database. | 9.8 |
2021-12-14 | CVE-2021-42066 | Unspecified vulnerability in SAP Business One 10.0 | SAP Business One - version 10.0, allows an admin user to view the DB password in plain text over the network, which should otherwise be encrypted. | 4.4 |
2021-12-14 | CVE-2021-42068 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 | When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until the application is restarted. | 3.3 |
2021-12-14 | CVE-2021-42069 | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 | When a user opens a manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until the application is restarted. | 3.3 |
2021-12-14 | CVE-2021-42070 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 | When a user opens a manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until the application is restarted. | 3.3 |