Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-12-14 CVE-2021-42064 SQL Injection vulnerability in SAP Commerce
If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database.
network
low complexity
sap CWE-89
critical
9.8
2021-12-14 CVE-2021-42066 Unspecified vulnerability in SAP Business ONE 10.0
SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted.
network
high complexity
sap
4.4
2021-12-14 CVE-2021-42068 Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap CWE-20
3.3
2021-12-14 CVE-2021-42069 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application
local
low complexity
sap CWE-787
3.3
2021-12-14 CVE-2021-42070 Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application
local
low complexity
sap CWE-20
3.3
2021-12-14 CVE-2021-44231 Code Injection vulnerability in SAP Abap Platform and Netweaver Application Server Abap
Internally used text extraction reports allow an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
critical
9.8
2021-12-14 CVE-2021-44232 Path Traversal vulnerability in SAP Saf-T Framework
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access.
network
low complexity
sap CWE-22
7.7
2021-12-14 CVE-2021-44233 Unspecified vulnerability in SAP Access Control V1100700/V1100731/V1200750
SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges.
network
low complexity
sap
8.8
2021-12-14 CVE-2021-44235 OS Command Injection vulnerability in SAP Netweaver Application Server Abap
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder.
local
low complexity
sap CWE-78
6.7
2021-11-10 CVE-2021-40501 Missing Authorization vulnerability in SAP Abap Platform Kernel
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.1