Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-14 | CVE-2021-42064 | SQL Injection vulnerability in SAP Commerce If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. | 9.8 |
| 2021-12-14 | CVE-2021-42066 | Unspecified vulnerability in SAP Business ONE 10.0 SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. | 4.4 |
| 2021-12-14 | CVE-2021-42068 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 3.3 |
| 2021-12-14 | CVE-2021-42069 | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | 3.3 |
| 2021-12-14 | CVE-2021-42070 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | 3.3 |
| 2021-12-14 | CVE-2021-44231 | Code Injection vulnerability in SAP Abap Platform and Netweaver Application Server Abap Internally used text extraction reports allow an attacker to inject code that can be executed by the application. | 9.8 |
| 2021-12-14 | CVE-2021-44232 | Path Traversal vulnerability in SAP Saf-T Framework SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. | 7.7 |
| 2021-12-14 | CVE-2021-44233 | Unspecified vulnerability in SAP Access Control V1100700/V1100731/V1200750 SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. | 8.8 |
| 2021-12-14 | CVE-2021-44235 | OS Command Injection vulnerability in SAP Netweaver Application Server Abap Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. | 6.7 |
| 2021-11-10 | CVE-2021-40501 | Missing Authorization vulnerability in SAP Abap Platform Kernel SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. | 8.1 |