Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-13 | CVE-2021-27598 | Missing Authorization vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50. SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. | 5.3 |
2021-04-13 | CVE-2021-21492 | Authentication Bypass by Spoofing vulnerability in SAP Netweaver Application Server Java. SAP NetWeaver Application Server Java (HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled. | 4.3 |
2021-04-13 | CVE-2021-21485 | Unspecified vulnerability in SAP Netweaver Application Server Java. An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user. | 6.5 |
2021-04-13 | CVE-2021-21483 | Unspecified vulnerability in SAP Solution Manager 7.20. Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application. | 4.9 |
2021-04-13 | CVE-2021-21482 | Unspecified vulnerability in SAP Netweaver Master Data Management 7.10.750/710. SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. | 8.3 |
2021-03-22 | CVE-2021-27596 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9. When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 3.3 |
2021-03-22 | CVE-2021-27595 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9. When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 3.3 |
2021-03-22 | CVE-2021-27594 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9. When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 3.3 |
2021-03-22 | CVE-2021-27593 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9. When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 3.3 |
2021-03-10 | CVE-2021-21491 | Open Redirect vulnerability in SAP Netweaver Application Server Java. SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | 6.1 |