# Critical SAP vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-01-09 | CVE-2024-21737 | Code Injection vulnerability in SAP Application Interface Framework 702 | In SAP Application Interface Framework File Adapter - version 702, a high-privilege user can use a function module to traverse through various layers and execute OS commands directly. | 9.1 |
| 2023-12-12 | CVE-2023-50424 | Improper Privilege Management vulnerability in SAP Cloud-Security-Client-Go | SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allows, under certain conditions, an escalation of privileges. | 9.8 |
| 2023-12-12 | CVE-2023-50423 | Improper Privilege Management vulnerability in SAP Sap-XSSec | SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allows, under certain conditions, an escalation of privileges. | 9.8 |
| 2023-12-12 | CVE-2023-50422 | Improper Privilege Management vulnerability in SAP Cloud-Security-Services-Integration-Library | SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allows, under certain conditions, an escalation of privileges. | 9.8 |
| 2023-12-12 | CVE-2023-49583 | Improper Privilege Management vulnerability in SAP @Sap/XSSec | SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allows, under certain conditions, an escalation of privileges. | 9.8 |
| 2023-12-12 | CVE-2023-49581 | SQL Injection vulnerability in SAP Netweaver Application Server Abap | SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. | 9.4 |
| 2023-09-12 | CVE-2023-40622 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430 | SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain conditions allows an authenticated attacker to view sensitive information which is otherwise restricted. | 9.9 |
| 2023-09-12 | CVE-2023-40309 | Missing Authorization vulnerability in SAP products | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. | 9.8 |
| 2023-08-08 | CVE-2023-39439 | Unspecified vulnerability in SAP Commerce Cloud and Commerce Hycom | SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. | 9.8 |
| 2023-08-08 | CVE-2023-37490 | Uncontrolled Search Path Element vulnerability in SAP Businessobjects Business Intelligence 420/430 | SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. | 9.0 |