Vulnerabilities > SAP

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-06-09 | CVE-2021-33666 | Cross-site Scripting vulnerability in SAP Commerce Cloud 100 | When SAP Commerce Cloud version 100 hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. | network | low complexity | sap | CWE-79 | 6.1 |
| 2021-06-09 | CVE-2021-33669 | Exposure of Resource to Wrong Sphere vulnerability in SAP Mobile SDK Certificate Provider 3.0.7 | Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. | local | low complexity | sap | CWE-668 | 7.8 |
| 2021-06-09 | CVE-2021-33668 | Injection vulnerability in SAP Infrabox | Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. | network | low complexity | sap | CWE-74 | 7.5 |
| 2021-05-11 | CVE-2021-27611 | Code Injection vulnerability in SAP Netweaver Application Server Abap | SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. | local | low complexity | sap | CWE-94 | 6.7 |
| 2021-05-11 | CVE-2021-27612 | Open Redirect vulnerability in SAP GUI for Windows 7.60/7.70 | In specific situations, SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to a specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim. | network | low complexity | sap | CWE-601 | 6.1 |
| 2021-05-11 | CVE-2021-27613 | Unspecified vulnerability in SAP Chef Business-One-Cookbook 0.1.9 | Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability. | local | low complexity | sap | | 7.8 |
| 2021-05-11 | CVE-2021-27614 | Injection vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE | SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. | local | low complexity | sap | CWE-74 | 7.1 |
| 2021-05-11 | CVE-2021-27616 | Unspecified vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE | Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application. | local | low complexity | sap | | 7.8 |
| 2021-05-11 | CVE-2021-27617 | Improper Input Validation vulnerability in SAP Netweaver Process Integration | The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. | network | low complexity | sap | CWE-20 | 4.9 |
| 2021-05-11 | CVE-2021-27618 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Process Integration | The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. | network | low complexity | sap | CWE-434 | 4.9 |