Vulnerabilities > SAP > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-05-11 | CVE-2022-29611 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap | SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | network | low | sap | CWE-862 | 8.8 |
| 2022-04-12 | CVE-2022-28773 | Uncontrolled Recursion vulnerability in SAP Netweaver and web Dispatcher | Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | network | low | sap | CWE-674 | 7.5 |
| 2022-03-10 | CVE-2022-26100 | Improper Input Validation vulnerability in SAP Sapcar 7.22 | SAPCAR - version 7.22 does not contain sufficient input validation on the SAPCAR archive. | network | low | sap | CWE-20 | 7.5 |
| 2022-03-10 | CVE-2022-24396 | Missing Authentication for Critical Function vulnerability in SAP Simple Diagnostics Agent | The Simple Diagnostics Agent - versions 1.0 up to version 1.57 does not perform any authentication checks for functionalities that can be accessed via localhost on HTTP port 3005. | local | low | sap | CWE-306 | 7.8 |
| 2022-03-10 | CVE-2022-22547 | Unspecified vulnerability in SAP Simple Diagnostics Agent | Simple Diagnostics Agent - versions 1.0 (up to version 1.57) allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. | network | low | sap | | 7.5 |
| 2022-02-09 | CVE-2022-22528 | Uncontrolled Search Path Element vulnerability in SAP Adaptive Server Enterprise 16.0 | SAP Adaptive Server Enterprise (ASE) - version 16.0 installation makes an entry in the system PATH environment variable on the Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries, which may lead to privilege escalation on the local system. | local | low | sap | CWE-427 | 7.8 |
| 2022-02-09 | CVE-2022-22533 | Use After Free vulnerability in SAP Netweaver Application Server Java | Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. | network | low | sap | CWE-416 | 7.5 |
| 2022-02-09 | CVE-2022-22540 | SQL Injection vulnerability in SAP Netweaver Application Server Abap | SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 allows an attacker to execute crafted database queries that could expose the backend database. | network | low | sap | CWE-89 | 7.5 |
| 2022-02-09 | CVE-2022-22543 | Resource Exhaustion vulnerability in SAP Netweaver Abap and Netweaver AS Abap | SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. | network | low | sap | CWE-400 | 7.5 |
| 2022-01-14 | CVE-2022-22530 | Unspecified vulnerability in SAP S/4Hana | The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106 does not check uploaded or downloaded files. | network | low | sap | | 8.1 |