Vulnerabilities > SAP > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-14 CVE-2023-27269 Path Traversal vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files.
network
low complexity
sap CWE-22
critical
9.6
2023-02-14 CVE-2023-24530 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network.
network
low complexity
sap CWE-434
critical
9.1
2023-01-10 CVE-2023-0014 Authentication Bypass by Capture-replay vulnerability in SAP products
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format.
network
low complexity
sap CWE-294
critical
9.8
2023-01-10 CVE-2023-0017 Improper Access Control vulnerability in SAP Netweaver Application Server for Java 7.50
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system.
network
low complexity
sap CWE-284
critical
9.8
2022-12-13 CVE-2022-41271 Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50.
network
low complexity
sap CWE-862
critical
9.4
2022-10-11 CVE-2022-35299 Stack-based Buffer Overflow vulnerability in SAP IQ and SQL Anywhere
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.
network
low complexity
sap CWE-121
critical
9.8
2022-08-10 CVE-2022-35293 Missing Authorization vulnerability in SAP Enable NOW Manager 1.0
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account.
network
low complexity
sap CWE-862
critical
9.1
2022-06-14 CVE-2022-27668 Incorrect Authorization vulnerability in SAP products
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
network
low complexity
sap CWE-863
critical
9.8
2022-03-10 CVE-2022-26100 Improper Input Validation vulnerability in SAP Sapcar 7.22
SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive.
network
low complexity
sap CWE-20
critical
9.8
2022-02-09 CVE-2022-22532 HTTP Request Smuggling vulnerability in SAP Netweaver Application Server Java
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling.
network
low complexity
sap CWE-444
critical
9.8