Vulnerabilities > SAP

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-06-09 | CVE-2021-33661 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | local, low complexity, sap, CWE-20, 5.5 |
| 2021-06-09 | CVE-2021-33662 | Unspecified vulnerability in SAP Business ONE 10.0 | Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. | local, low complexity, sap, 4.4 |
| 2021-06-09 | CVE-2021-33663 | Unspecified vulnerability in SAP Netweaver Application Server Abap | SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application. | network, low complexity, sap, 5.3 |
| 2021-06-09 | CVE-2021-33664 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap | SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | network, low complexity, sap, CWE-79, 5.4 |
| 2021-06-09 | CVE-2021-33665 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap | SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | network, low complexity, sap, CWE-79, 5.4 |
| 2021-06-09 | CVE-2021-33666 | Cross-site Scripting vulnerability in SAP Commerce Cloud 100 | When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. | network, low complexity, sap, CWE-79, 6.1 |
| 2021-06-09 | CVE-2021-33669 | Exposure of Resource to Wrong Sphere vulnerability in SAP Mobile SDK Certificate Provider 3.0.7 | Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. | local, low complexity, sap, CWE-668, 7.8 |
| 2021-06-09 | CVE-2021-33668 | Injection vulnerability in SAP Infrabox | Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. | network, low complexity, sap, CWE-74, 7.5 |
| 2021-05-11 | CVE-2021-27611 | Code Injection vulnerability in SAP Netweaver Application Server Abap | SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. | local, low complexity, sap, CWE-94, 6.7 |
| 2021-05-11 | CVE-2021-27612 | Open Redirect vulnerability in SAP GUI for Windows 7.60/7.70 | In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim. | network, low complexity, sap, CWE-601, 6.1 |