Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-33695 Improper Certificate Validation vulnerability in SAP Cloud Connector 2.0
Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.
network
low complexity
sap CWE-295
critical
9.1
2021-09-15 CVE-2021-33696 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site.
network
low complexity
sap CWE-79
5.4
2021-09-15 CVE-2021-33697 Improper Privilege Management vulnerability in SAP Businessobjects Business Intelligence 420/430
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
network
low complexity
sap CWE-269
6.1
2021-09-15 CVE-2021-33698 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business ONE 10.0
SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.
network
low complexity
sap CWE-434
8.8
2021-09-15 CVE-2021-33700 Improper Authentication vulnerability in SAP Business ONE 10.0
SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password.
local
low complexity
sap CWE-287
7.8
2021-09-15 CVE-2021-33701 Unspecified vulnerability in SAP Dmis, S4Core and Sapscore
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
network
low complexity
sap
critical
9.1
2021-09-15 CVE-2021-33704 Missing Authorization vulnerability in SAP Business ONE 10.0
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users.
network
low complexity
sap CWE-862
8.8
2021-09-15 CVE-2021-33705 Unspecified vulnerability in SAP Netweaver Portal
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g.
network
low complexity
sap
8.1
2021-09-14 CVE-2021-21489 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
4.8
2021-09-14 CVE-2021-33672 Improper Encoding or Escaping of Output vulnerability in SAP Contact Center 700
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message.
network
low complexity
sap CWE-116
critical
9.6