Vulnerabilities > SAP > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-01-10 CVE-2023-0014 Authentication Bypass by Capture-replay vulnerability in SAP products
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format.
network
low complexity
sap CWE-294
critical
9.8
2023-01-10 CVE-2023-0017 Improper Access Control vulnerability in SAP Netweaver Application Server for Java 7.50
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system.
network
low complexity
sap CWE-284
critical
9.8
2022-12-13 CVE-2022-41271 Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50.
network
low complexity
sap CWE-862
critical
9.4
2022-10-11 CVE-2022-35299 Stack-based Buffer Overflow vulnerability in SAP IQ and SQL Anywhere
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.
network
low complexity
sap CWE-121
critical
9.8
2022-06-14 CVE-2022-27668 Incorrect Authorization vulnerability in SAP products
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
network
low complexity
sap CWE-863
critical
9.8
2022-02-09 CVE-2022-22532 HTTP Request Smuggling vulnerability in SAP Netweaver Application Server Java
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling.
network
low complexity
sap CWE-444
critical
9.8
2022-02-09 CVE-2022-22536 HTTP Request Smuggling vulnerability in SAP products
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation.
network
low complexity
sap CWE-444
critical
10.0
2022-02-09 CVE-2022-22544 Unspecified vulnerability in SAP Solution Manager 7.20
Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems.
network
low complexity
sap
critical
9.1
2021-12-14 CVE-2021-44231 Code Injection vulnerability in SAP Abap Platform and Netweaver Application Server Abap
Internally used text extraction reports allow an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
critical
9.8
2021-10-12 CVE-2021-38180 Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Business ONE 10.0
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export.
network
low complexity
sap CWE-1236
critical
9.8