Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2021-33666 | Cross-site Scripting vulnerability in SAP Commerce Cloud 100 When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. | 6.1 |
| 2021-06-09 | CVE-2021-33669 | Exposure of Resource to Wrong Sphere vulnerability in SAP Mobile SDK Certificate Provider 3.0.7 Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. | 7.8 |
| 2021-06-09 | CVE-2021-33668 | Injection vulnerability in SAP Infrabox Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. | 7.5 |
| 2021-05-11 | CVE-2021-27611 | Code Injection vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. | 6.7 |
| 2021-05-11 | CVE-2021-27612 | Open Redirect vulnerability in SAP GUI for Windows 7.60/7.70 In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim. | 6.1 |
| 2021-05-11 | CVE-2021-27613 | Unspecified vulnerability in SAP Chef Business-One-Cookbook 0.1.9 Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability. | 7.8 |
| 2021-05-11 | CVE-2021-27614 | Injection vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. | 7.1 |
| 2021-05-11 | CVE-2021-27616 | Unspecified vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application. | 7.8 |
| 2021-05-11 | CVE-2021-27617 | Improper Input Validation vulnerability in SAP Netweaver Process Integration The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. | 4.9 |
| 2021-05-11 | CVE-2021-27618 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Process Integration The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. | 4.9 |