Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-11 CVE-2022-41199 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory.
local
low complexity
sap
7.8
2022-10-11 CVE-2022-41200 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory.
local
low complexity
sap
7.8
2022-10-11 CVE-2022-41201 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory.
local
low complexity
sap
7.8
2022-10-11 CVE-2022-41202 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, Remote Code Execution can be triggered when the payload forces a stack-based overflow or a re-use of a dangling pointer which refers to overwritten space in memory.
local
low complexity
sap
7.8
2022-10-11 CVE-2022-41204 Unspecified vulnerability in SAP Commerce
An attacker can change the content of an SAP Commerce (versions 1905, 2005, 2105, 2011, 2205) login page through a manipulated URL.
network
low complexity
sap
8.8
2022-09-13 CVE-2022-35292 Unspecified vulnerability in SAP Business One 10.0
In the SAP Business One application, when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path, which allows a user to gain SYSTEM privileges.
local
low complexity
sap
7.8
2022-09-13 CVE-2022-39801 Unspecified vulnerability in SAP Access Control 12
SAP GRC Access Control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad.
network
high complexity
sap
7.5
2022-08-10 CVE-2022-32245 Unspecified vulnerability in SAP BusinessObjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Open Document), versions 420 and 430, allows an unauthenticated attacker to retrieve sensitive information in plain text over the network.
network
low complexity
sap
8.2
2022-08-10 CVE-2022-35290 Unspecified vulnerability in SAP Authenticator
Under certain conditions, SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
7.5
2022-07-27 CVE-2022-35291 Unspecified vulnerability in SAP SuccessFactors Mobile 8.0.5
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network.
network
low complexity
sap
8.1