Vulnerabilities > SAP > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-13 | CVE-2024-33003 | Unspecified vulnerability in SAP Commerce Cloud. Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. | 9.1 |
2024-08-13 | CVE-2024-41730 | Missing Authorization vulnerability in SAP Business Objects Business Intelligence Platform Enterprise430/Enterprise440. In SAP BusinessObjects Business Intelligence Platform, if Single Sign-On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. | 9.8 |
2024-01-09 | CVE-2024-21737 | Code Injection vulnerability in SAP Application Interface Framework 702. In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. | 9.1 |
2023-12-12 | CVE-2023-50424 | Exposed Dangerous Method or Function vulnerability in SAP Cloud-Security-Client-Go. SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allows, under certain conditions, an escalation of privileges. | 9.8 |
2023-12-12 | CVE-2023-49581 | SQL Injection vulnerability in SAP Netweaver Application Server Abap. SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. | 9.4 |
2023-12-12 | CVE-2023-49583 | Exposed Dangerous Method or Function vulnerability in SAP @Sap/XSSec. SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allows, under certain conditions, an escalation of privileges. | 9.8 |
2023-12-12 | CVE-2023-50422 | Exposed Dangerous Method or Function vulnerability in SAP Cloud-Security-Services-Integration-Library. SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allows, under certain conditions, an escalation of privileges. | 9.8 |
2023-12-12 | CVE-2023-50423 | Exposed Dangerous Method or Function vulnerability in SAP Sap-XSSec. SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allows, under certain conditions, an escalation of privileges. | 9.8 |
2023-09-12 | CVE-2023-40309 | Incorrect Authorization vulnerability in SAP products. SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. | 9.8 |
2023-09-12 | CVE-2023-40622 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Businessobjects Business Intelligence 420/430. SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain conditions, allows an authenticated attacker to view sensitive information which is otherwise restricted. | 9.9 |