Vulnerabilities > SAP

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-10	CVE-2021-33703	Unspecified vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. network low complexity sap	6.1
2021-08-10	CVE-2021-33706	Improper Input Validation vulnerability in SAP Infrabox Due to improper input validation in InfraBox, logs can be modified by an authenticated user. network low complexity sap CWE-20	4.3
2021-08-10	CVE-2021-33707	Unspecified vulnerability in SAP Netweaver Knowledge Management SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. network low complexity sap	6.1
2021-08-09	CVE-2014-9320	Improper Authentication vulnerability in SAP Businessobjects Edge 4.1 SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905. network low complexity sap CWE-287 critical	9.8
2021-08-09	CVE-2015-2073	Path Traversal vulnerability in SAP Businessobjects Edge 4.0 The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. network low complexity sap CWE-22	7.5
2021-08-09	CVE-2015-2074	Path Traversal vulnerability in SAP Businessobjects Edge 4.0 The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. network low complexity sap CWE-22	7.5
2021-08-09	CVE-2015-7731	Information Exposure vulnerability in SAP Mobile Platform 3.0 SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. local low complexity sap CWE-200	5.5
2021-08-09	CVE-2018-17861	Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01 A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. network low complexity sap CWE-79	6.1
2021-08-09	CVE-2018-17862	Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01 A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. network low complexity sap CWE-79	6.1
2021-08-09	CVE-2018-17865	Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01 A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. network low complexity sap CWE-79	6.1

Vulnerabilities > SAP {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"SAP"}]}

Vulnerabilities > SAP