Vulnerabilities > SAP > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-10 | CVE-2023-0014 | Authentication Bypass by Capture-replay vulnerability in SAP products SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. | 9.8 |
| 2023-01-10 | CVE-2023-0017 | Improper Access Control vulnerability in SAP Netweaver Application Server for Java 7.50 An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. | 9.8 |
| 2022-12-13 | CVE-2022-41271 | Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50 An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. | 9.4 |
| 2022-10-11 | CVE-2022-35299 | Stack-based Buffer Overflow vulnerability in SAP IQ and SQL Anywhere SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | 9.8 |
| 2022-06-14 | CVE-2022-27668 | Incorrect Authorization vulnerability in SAP products Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | 9.8 |
| 2022-02-09 | CVE-2022-22532 | HTTP Request Smuggling vulnerability in SAP Netweaver Application Server Java In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. | 9.8 |
| 2022-02-09 | CVE-2022-22536 | HTTP Request Smuggling vulnerability in SAP products SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. | 10.0 |
| 2022-02-09 | CVE-2022-22544 | Unspecified vulnerability in SAP Solution Manager 7.20 Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. | 9.1 |
| 2021-12-14 | CVE-2021-44231 | Code Injection vulnerability in SAP Abap Platform and Netweaver Application Server Abap Internally used text extraction reports allow an attacker to inject code that can be executed by the application. | 9.8 |
| 2021-10-12 | CVE-2021-38180 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Business ONE 10.0 SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. | 9.8 |