| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK (CVSS) |
|---|---|---|---|---|
| 2022-10-11 | CVE-2022-41202 | Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9 | Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | 7.8 |
| 2022-10-11 | CVE-2022-41204 | Open Redirect vulnerability in SAP Commerce | An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. | 8.8 |
| 2022-09-13 | CVE-2022-35292 | Unquoted Search Path or Element vulnerability in SAP Business ONE 10.0 | In SAP Business One application when a service is created, the executable path contains spaces and isn't enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. | 7.8 |
| 2022-09-13 | CVE-2022-39801 | Improper Authentication vulnerability in SAP Access Control 12 | SAP GRC Access Control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. | 7.5 |
| 2022-08-10 | CVE-2022-32245 | Cleartext Transmission of Sensitive Information vulnerability in SAP BusinessObjects Business Intelligence 420/430 | SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information in plain text over the network. | 8.2 |
| 2022-07-12 | CVE-2022-28771 | Missing Authentication for Critical Function vulnerability in SAP Business ONE License Service API 10.0 | Due to missing authentication check, SAP Business One License Service API - version 10.0 allows an unauthenticated attacker to send malicious HTTP requests over the network. | 7.5 |
| 2022-07-12 | CVE-2022-32249 | Exposure of Resource to Wrong Sphere vulnerability in SAP Business ONE 10.0 | Under a special integration scenario of SAP Business One and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly sensitive information (e.g., high privileged account credentials). | 7.5 |
| 2022-06-14 | CVE-2022-31590 | Unspecified vulnerability in SAP PowerDesigner Proxy 16.7 | SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and local access, with the ability to work around the system's root disk access restrictions, to write/create a program file on the system disk root path, which could then be executed with the elevated privileges of the application during application start-up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | 7.2 |
| 2022-06-14 | CVE-2022-31594 | Unspecified vulnerability in SAP Adaptive Server Enterprise | A highly privileged user can exploit a SUID-root program to escalate their privileges to root on a local Unix system. | 7.2 |
| 2022-06-14 | CVE-2022-31595 | Missing Authorization vulnerability in SAP Adaptive Server Enterprise | SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |