Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-14 | CVE-2021-38150 | Cleartext Storage of Sensitive Information vulnerability in SAP Business Client 7.0/7.70: When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. | 6.5 |
2021-09-14 | CVE-2021-38162 | Unspecified vulnerability in SAP Web Dispatcher: SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a maliciously crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. | 9.4 |
2021-09-14 | CVE-2021-38163 | Path Traversal vulnerability in SAP NetWeaver: In SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, an attacker authenticated as a non-administrative user can, without restriction, upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. | 8.8 |
2021-09-14 | CVE-2021-38164 | Missing Authorization vulnerability in SAP ERP Financial Accounting: SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. | 5.4 |
2021-09-14 | CVE-2021-38174 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9: When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 6.5 |
2021-09-14 | CVE-2021-38175 | Unspecified vulnerability in SAP Analysis for Microsoft Office 2.8: SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. | 6.5 |
2021-09-14 | CVE-2021-38176 | SQL Injection vulnerability in SAP products: Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute a manipulated query or inject ABAP code to gain access to the backend database. | 8.8 |
2021-09-14 | CVE-2021-38177 | NULL Pointer Dereference vulnerability in SAP CommonCryptoLib 8.0.0/8.4.29/8.5.38: SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to a null pointer dereference when an unauthenticated attacker sends crafted malicious data in HTTP requests over the network; this causes the SAP application to crash and has high impact on the availability of the SAP system. | 7.5 |
2021-08-10 | CVE-2021-33699 | Unspecified vulnerability in SAP Fiori Client 3.2: Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. | 6.5 |
2021-08-10 | CVE-2021-33702 | Unspecified vulnerability in SAP NetWeaver Enterprise Portal: Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. | 6.1 |