Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-10 | CVE-2021-33703 | Unspecified vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. | 6.1 |
2021-08-10 | CVE-2021-33706 | Improper Input Validation vulnerability in SAP Infrabox Due to improper input validation in InfraBox, logs can be modified by an authenticated user. | 4.3 |
2021-08-10 | CVE-2021-33707 | Unspecified vulnerability in SAP Netweaver Knowledge Management SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. | 6.1 |
2021-08-09 | CVE-2014-9320 | Improper Authentication vulnerability in SAP Businessobjects Edge 4.1 SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. | 9.8 |
2021-08-09 | CVE-2015-2073 | Path Traversal vulnerability in SAP Businessobjects Edge 4.0 The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. | 7.5 |
2021-08-09 | CVE-2015-2074 | Path Traversal vulnerability in SAP Businessobjects Edge 4.0 The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. | 7.5 |
2021-08-09 | CVE-2015-7731 | Information Exposure vulnerability in SAP Mobile Platform 3.0 SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. | 5.5 |
2021-08-09 | CVE-2018-17861 | Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01 A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. | 6.1 |
2021-08-09 | CVE-2018-17862 | Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01 A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. | 6.1 |
2021-08-09 | CVE-2018-17865 | Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01 A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. | 6.1 |