Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-33673 Cross-site Scripting vulnerability in SAP Contact Center 700
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs and persists them.
network
low complexity
sap CWE-79
6.1
2021-09-14 CVE-2021-33674 Cross-site Scripting vulnerability in SAP Contact Center 700
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs.
network
low complexity
sap CWE-79
6.1
2021-09-14 CVE-2021-33675 Cross-site Scripting vulnerability in SAP Contact Center 700
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs.
network
low complexity
sap CWE-79
6.1
2021-09-14 CVE-2021-33679 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder.
network
low complexity
sap CWE-79
5.4
2021-09-14 CVE-2021-33685 Path Traversal vulnerability in SAP Business ONE 10.0
SAP Business One version - 10.0 allows a low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory.
network
low complexity
sap CWE-22
6.5
2021-09-14 CVE-2021-33686 Unspecified vulnerability in SAP Business ONE 10.0
Under certain conditions, SAP Business One version - 10.0 allows an unauthorized attacker to get access to some encrypted sensitive information, but the attacker does not have control over its kind or degree.
network
low complexity
sap
5.3
2021-09-14 CVE-2021-33688 SQL Injection vulnerability in SAP Business ONE 10.0
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database.
network
low complexity
sap CWE-89
4.3
2021-09-14 CVE-2021-37531 OS Command Injection vulnerability in SAP Netweaver Knowledge Management XML Forms
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file.
network
low complexity
sap CWE-78
8.8
2021-09-14 CVE-2021-37532 Path Traversal vulnerability in SAP Business ONE 10.0
SAP Business One version - 10, due to improper input validation, allows an authenticated user to gain access to a directory and view the contents of the index in the directory, which would otherwise be restricted to a high-privileged user.
network
low complexity
sap CWE-22
4.3
2021-09-14 CVE-2021-37535 Missing Authorization vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
network
low complexity
sap CWE-862
critical
9.8