Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-08-10 CVE-2021-33703 Unspecified vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters.
network
low complexity
sap
6.1
2021-08-10 CVE-2021-33706 Improper Input Validation vulnerability in SAP Infrabox
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
network
low complexity
sap CWE-20
4.3
2021-08-10 CVE-2021-33707 Unspecified vulnerability in SAP Netweaver Knowledge Management
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component.
network
low complexity
sap
6.1
2021-08-09 CVE-2014-9320 Improper Authentication vulnerability in SAP Businessobjects Edge 4.1
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
network
low complexity
sap CWE-287
critical
9.8
2021-08-09 CVE-2015-2073 Path Traversal vulnerability in SAP Businessobjects Edge 4.0
The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
network
low complexity
sap CWE-22
7.5
2021-08-09 CVE-2015-2074 Path Traversal vulnerability in SAP Businessobjects Edge 4.0
The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
network
low complexity
sap CWE-22
7.5
2021-08-09 CVE-2015-7731 Information Exposure vulnerability in SAP Mobile Platform 3.0
SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830.
local
low complexity
sap CWE-200
5.5
2021-08-09 CVE-2018-17861 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol.
network
low complexity
sap CWE-79
6.1
2021-08-09 CVE-2018-17862 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2.
network
low complexity
sap CWE-79
6.1
2021-08-09 CVE-2018-17865 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol.
network
low complexity
sap CWE-79
6.1