SAP Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-09 | CVE-2024-21737 | Code Injection vulnerability in SAP Application Interface Framework 702 | In SAP Application Interface Framework File Adapter - version 702 - a high privilege user can use a function module to traverse through various layers and execute OS commands directly. | 9.1 |
2024-01-09 | CVE-2024-21738 | Cross-site Scripting vulnerability in SAP NetWeaver Application Server ABAP | SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to the confidentiality of the application data after successful exploitation. | 5.4 |
2024-01-09 | CVE-2024-22124 | Unspecified vulnerability in SAP NetWeaver | Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54 - could allow an attacker to access information which would otherwise be restricted, causing high impact on confidentiality. | 7.5 |
2024-01-09 | CVE-2024-22125 | Unspecified vulnerability in SAP GUI Connector 1.0 | Under certain conditions, the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0 - allows an attacker to access highly sensitive information which would otherwise be restricted, causing high impact on confidentiality. | 7.5 |
2024-01-09 | CVE-2024-21734 | Open Redirect vulnerability in SAP Marketing 160 | SAP Marketing (Contacts App) - version 160 - allows an attacker with low privileges to trick a user into opening a malicious page, which could lead to a very convincing phishing attack with low impact on the confidentiality and integrity of the application. | 5.4 |
2024-01-09 | CVE-2024-21735 | Incorrect Authorization vulnerability in SAP LT Replication Server | SAP LT Replication Server - versions S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108 - does not perform necessary authorization checks. | 7.2 |
2023-12-12 | CVE-2023-50424 | Exposed Dangerous Method or Function vulnerability in SAP Cloud-Security-Client-Go | SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0 - allows, under certain conditions, an escalation of privileges. | 9.8 |
2023-12-12 | CVE-2023-49577 | Cross-site Scripting vulnerability in SAP Human Capital Management | SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608 - does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2023-12-12 | CVE-2023-49578 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Cloud Connector 2.0 | SAP Cloud Connector - version 2.0 - allows an authenticated user with low privilege to perform a denial of service attack from the adjacent UI by sending a malicious request, which leads to low impact on the availability and no impact on the confidentiality or integrity of the application. | 3.5 |
2023-12-12 | CVE-2023-49580 | Unspecified vulnerability in SAP Graphical User Interface | SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 - allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. | 7.3 |