Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-33678 Unspecified vulnerability in SAP Netweaver Application Server Abap
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application.
network
low complexity
sap
6.5
2021-07-14 CVE-2021-33680 Classic Buffer Overflow vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the application.
network
low complexity
sap CWE-120
6.5
2021-07-14 CVE-2021-33681 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application.
network
low complexity
sap CWE-787
6.5
2021-07-14 CVE-2021-33682 Cross-site Scripting vulnerability in SAP Lumira Server 2.4
SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2021-07-14 CVE-2021-33683 HTTP Request Smuggling vulnerability in SAP Internet Communication Manager and web Dispatcher
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header.
network
low complexity
sap CWE-444
4.3
2021-07-14 CVE-2021-33684 Out-of-bounds Write vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability.
network
low complexity
sap CWE-787
5.3
2021-07-14 CVE-2021-33687 Information Exposure vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.
network
low complexity
sap CWE-200
4.9
2021-07-14 CVE-2021-33689 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created.
network
low complexity
sap
4.3
2021-06-16 CVE-2021-27610 Improper Authentication vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
network
low complexity
sap CWE-287
critical
9.8
2021-06-09 CVE-2021-21473 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
network
low complexity
sap CWE-862
6.3