Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2024-22124 | Unspecified vulnerability in SAP Netweaver Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality. | 7.5 |
| 2024-01-09 | CVE-2024-22125 | Unspecified vulnerability in SAP GUI Connector 1.0 Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality. | 7.5 |
| 2024-01-09 | CVE-2024-21735 | Incorrect Authorization vulnerability in SAP LT Replication Server SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. | 7.2 |
| 2023-12-12 | CVE-2023-49580 | Unspecified vulnerability in SAP Graphical User Interface SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. | 7.3 |
| 2023-12-12 | CVE-2023-6542 | Incorrect Authorization vulnerability in SAP Emarsys SDK 3.6.2 Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. | 7.1 |
| 2023-12-12 | CVE-2023-42478 | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420/430 SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application. | 7.6 |
| 2023-12-12 | CVE-2023-42481 | Improper Access Control vulnerability in SAP Commerce Cloud 8.1 In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. | 8.1 |
| 2023-11-14 | CVE-2023-31403 | Incorrect Authorization vulnerability in SAP Business ONE 10.0 SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. | 8.0 |
| 2023-10-10 | CVE-2023-40310 | Missing XML Validation vulnerability in SAP Powerdesigner 16.7 SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. | 7.5 |
| 2023-09-28 | CVE-2023-40307 | Out-of-bounds Write vulnerability in SAP Privileges An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. | 7.8 |