Vulnerabilities > SAP

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-03-09 | CVE-2021-27587 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 | When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | local | low complexity | sap | | 7.8 |
| 2021-03-09 | CVE-2021-27586 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 | When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | local | low complexity | sap | | 7.8 |
| 2021-03-09 | CVE-2021-27585 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 | When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | local | low complexity | sap | | 7.8 |
| 2021-03-09 | CVE-2021-27584 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 | When a user opens manipulated Photoshop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | local | low complexity | sap | | 3.3 |
| 2021-03-09 | CVE-2021-21493 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 | When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | local | low complexity | sap | | 3.3 |
| 2021-03-09 | CVE-2021-21488 | Deserialization of Untrusted Data vulnerability in SAP NetWeaver Knowledge Management | Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability. | network | low complexity | sap | CWE-502 | 6.5 |
| 2021-03-09 | CVE-2021-21487 | Missing Authorization vulnerability in SAP Payment Engine 500 | SAP Payment Engine version 500 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | network | low complexity | sap | CWE-862 | 8.8 |
| 2021-03-09 | CVE-2021-21486 | Missing Authorization vulnerability in SAP Enterprise Financial Services | SAP Enterprise Financial Services, versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | network | low complexity | sap | CWE-862 | 8.8 |
| 2021-03-09 | CVE-2021-21484 | Incorrect Authorization vulnerability in SAP HANA 2.0 | LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind. | network | low complexity | sap | CWE-863 | 9.8 (critical) |
| 2021-03-09 | CVE-2021-21481 | Incorrect Authorization vulnerability in SAP NetWeaver | The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. | | low complexity | sap | CWE-863 | 8.8 |