Vulnerabilities > SAP > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-14 | CVE-2023-27269 | Path Traversal vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. | 9.6 |
2023-02-14 | CVE-2023-24530 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. | 9.1 |
2023-01-10 | CVE-2023-0014 | Authentication Bypass by Capture-replay vulnerability in SAP products SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. | 9.8 |
2023-01-10 | CVE-2023-0017 | Improper Access Control vulnerability in SAP Netweaver Application Server for Java 7.50 An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. | 9.8 |
2022-12-13 | CVE-2022-41271 | Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50 An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. | 9.4 |
2022-10-11 | CVE-2022-35299 | Stack-based Buffer Overflow vulnerability in SAP IQ and SQL Anywhere SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. | 9.8 |
2022-08-10 | CVE-2022-35293 | Missing Authorization vulnerability in SAP Enable NOW Manager 1.0 Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. | 9.1 |
2022-06-14 | CVE-2022-27668 | Incorrect Authorization vulnerability in SAP products Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | 9.8 |
2022-03-10 | CVE-2022-26100 | Improper Input Validation vulnerability in SAP Sapcar 7.22 SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. | 9.8 |
2022-02-09 | CVE-2022-22532 | HTTP Request Smuggling vulnerability in SAP Netweaver Application Server Java In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. | 9.8 |