Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-11-10 CVE-2021-40502 Unspecified vulnerability in SAP Commerce
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap
8.8
2021-11-10 CVE-2021-40503 Unspecified vulnerability in SAP GUI for Windows
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password.
local
low complexity
sap
7.8
2021-11-10 CVE-2021-40504 Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.
network
low complexity
sap CWE-863
4.9
2021-11-10 CVE-2021-42062 Unspecified vulnerability in SAP ERP Human Capital Management 600/604/608
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area.
network
low complexity
sap
4.3
2021-10-12 CVE-2021-38178 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates.
network
low complexity
sap
8.8
2021-10-12 CVE-2021-38179 Unspecified vulnerability in SAP Business ONE 10.0
Debug function of Admin UI of SAP Business One Integration is enabled by default.
network
low complexity
sap
4.9
2021-10-12 CVE-2021-38180 Unspecified vulnerability in SAP Business ONE 10.0
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export.
network
low complexity
sap
critical
9.8
2021-10-12 CVE-2021-38181 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2021-10-12 CVE-2021-38183 Cross-site Scripting vulnerability in SAP Netweaver
SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability.
network
low complexity
sap CWE-79
6.1
2021-10-12 CVE-2021-40495 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755.
network
low complexity
sap
5.3