Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-27598 Missing Authorization vulnerability in SAP NetWeaver Application Server Java 7.31/7.40/7.50
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions 7.31, 7.40, 7.50, allows an attacker to read some statistical data such as product version, traffic, timestamp, etc.
network
low complexity
sap CWE-862
5.3
2021-04-13 CVE-2021-21492 Authentication Bypass by Spoofing vulnerability in SAP NetWeaver Application Server Java
SAP NetWeaver Application Server Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.
network
low complexity
sap CWE-290
4.3
2021-04-13 CVE-2021-21485 Unspecified vulnerability in SAP NetWeaver Application Server Java
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
network
low complexity
sap
6.5
2021-04-13 CVE-2021-21483 Unspecified vulnerability in SAP Solution Manager 7.20
Under certain conditions, SAP Solution Manager, version 720, allows a highly privileged attacker to get access to sensitive information, which has a direct serious impact beyond the exploitable component, thereby affecting the confidentiality in the application.
network
low complexity
sap
4.9
2021-04-13 CVE-2021-21482 Unspecified vulnerability in SAP NetWeaver Master Data Management 7.10.750/710
SAP NetWeaver Master Data Management, versions 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method.
low complexity
sap
8.3
2021-03-22 CVE-2021-27596 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
3.3
2021-03-22 CVE-2021-27595 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
3.3
2021-03-22 CVE-2021-27594 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
3.3
2021-03-22 CVE-2021-27593 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
3.3
2021-03-10 CVE-2021-21491 Open Redirect vulnerability in SAP NetWeaver Application Server Java
SAP NetWeaver Application Server Java (Applications based on WebDynpro Java), versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
network
low complexity
sap CWE-601
6.1