Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-24743 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them.
network
low complexity
sap
7.5
2024-02-13 CVE-2024-25642 Unspecified vulnerability in SAP Cloud Connector 2.0
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication.
network
high complexity
sap
7.4
2024-02-13 CVE-2024-22126 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL.
network
low complexity
sap
6.1
2024-02-13 CVE-2024-22128 Unspecified vulnerability in SAP Netweaver Business Client for Html
SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2024-01-09 CVE-2024-21736 Unspecified vulnerability in SAP S/4Hana Finance 107/128
SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks.
network
low complexity
sap
6.5
2024-01-09 CVE-2024-21737 Unspecified vulnerability in SAP Application Interface Framework 702
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly.
network
low complexity
sap
critical
9.1
2024-01-09 CVE-2024-21738 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.
network
low complexity
sap
5.4
2024-01-09 CVE-2024-22124 Unspecified vulnerability in SAP Netweaver
Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.
network
low complexity
sap
7.5
2024-01-09 CVE-2024-22125 Unspecified vulnerability in SAP GUI Connector 1.0
Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.
network
low complexity
sap
7.5
2024-01-09 CVE-2024-21734 Unspecified vulnerability in SAP Marketing 160
SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application.
network
low complexity
sap
5.4