Vulnerabilities > SAP > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-02-09 | CVE-2022-22536 | HTTP Request Smuggling vulnerability in SAP products | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. | 10.0 |
2022-02-09 | CVE-2022-22544 | Unspecified vulnerability in SAP Solution Manager 7.20 | Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. | 9.1 |
2021-12-14 | CVE-2021-42064 | SQL Injection vulnerability in SAP Commerce | If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database. | 9.8 |
2021-12-14 | CVE-2021-44231 | Code Injection vulnerability in SAP Abap Platform and Netweaver Application Server Abap | Internally used text extraction reports allow an attacker to inject code that can be executed by the application. | 9.8 |
2021-10-12 | CVE-2021-38180 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Business ONE 10.0 | SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. | 9.8 |
2021-10-12 | CVE-2021-40499 | Code Injection vulnerability in SAP Netweaver Application Server Abap 7.70/7.70Byd/7.70Pi | Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. | 9.8 |
2021-09-15 | CVE-2021-33690 | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Development Infrastructure | Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. | 9.9 |
2021-09-15 | CVE-2021-33695 | Improper Certificate Validation vulnerability in SAP Cloud Connector 2.0 | Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate. | 9.1 |
2021-09-15 | CVE-2021-33701 | SQL Injection vulnerability in SAP Dmis, S4Core and Sapscore | DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. | 9.1 |
2021-09-14 | CVE-2021-33672 | Improper Encoding or Escaping of Output vulnerability in SAP Contact Center 700 | Due to missing encoding in SAP Contact Center's Communication Desktop component - version 700, an attacker could send malicious script in chat message. | 9.6 |