Vulnerabilities > SAP > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2022-22536 HTTP Request Smuggling vulnerability in SAP products
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation.
network
low complexity
sap CWE-444
critical
10.0
2022-02-09 CVE-2022-22544 Unspecified vulnerability in SAP Solution Manager 7.20
Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems.
network
low complexity
sap
critical
9.1
2021-12-14 CVE-2021-42064 SQL Injection vulnerability in SAP Commerce
If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to execute crafted database queries, exposing backend database.
network
low complexity
sap CWE-89
critical
9.8
2021-12-14 CVE-2021-44231 Code Injection vulnerability in SAP Abap Platform and Netweaver Application Server Abap
Internally used text extraction reports allow an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
critical
9.8
2021-10-12 CVE-2021-38180 Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP Business ONE 10.0
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export.
network
low complexity
sap CWE-1236
critical
9.8
2021-10-12 CVE-2021-40499 Code Injection vulnerability in SAP Netweaver Application Server Abap 7.70/7.70Byd/7.70Pi
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
critical
9.8
2021-09-15 CVE-2021-33690 Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Development Infrastructure
Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries.
network
low complexity
sap CWE-918
critical
9.9
2021-09-15 CVE-2021-33695 Improper Certificate Validation vulnerability in SAP Cloud Connector 2.0
Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.
network
low complexity
sap CWE-295
critical
9.1
2021-09-15 CVE-2021-33701 SQL Injection vulnerability in SAP Dmis, S4Core and Sapscore
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
network
low complexity
sap CWE-89
critical
9.1
2021-09-14 CVE-2021-33672 Improper Encoding or Escaping of Output vulnerability in SAP Contact Center 700
Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message.
network
low complexity
sap CWE-116
critical
9.6