Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-38150 Cleartext Storage of Sensitive Information vulnerability in SAP Business Client 7.0/7.70
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials.
network
low complexity
sap CWE-312
6.5
2021-09-14 CVE-2021-38162 Unspecified vulnerability in SAP web Dispatcher
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages.
network
low complexity
sap
critical
9.4
2021-09-14 CVE-2021-38163 Path Traversal vulnerability in SAP Netweaver
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process.
network
low complexity
sap CWE-22
8.8
2021-09-14 CVE-2021-38164 Missing Authorization vulnerability in SAP ERP Financial Accounting
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users.
network
low complexity
sap CWE-862
5.4
2021-09-14 CVE-2021-38174 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
network
low complexity
sap
6.5
2021-09-14 CVE-2021-38175 Unspecified vulnerability in SAP Analysis for Microsoft Office 2.8
SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction.
network
low complexity
sap
6.5
2021-09-14 CVE-2021-38176 SQL Injection vulnerability in SAP products
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database.
network
low complexity
sap CWE-89
8.8
2021-09-14 CVE-2021-38177 NULL Pointer Dereference vulnerability in SAP Commoncryptolib 8.0.0/8.4.29/8.5.38
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.
network
low complexity
sap CWE-476
7.5
2021-08-10 CVE-2021-33699 Unspecified vulnerability in SAP Fiori Client 3.2
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features.
low complexity
sap
6.5
2021-08-10 CVE-2021-33702 Unspecified vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data.
network
low complexity
sap
6.1