Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-11 | CVE-2022-29611 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2022-04-12 | CVE-2022-28773 | Uncontrolled Recursion vulnerability in SAP Netweaver and web Dispatcher Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | 7.5 |
| 2022-03-10 | CVE-2022-26100 | Improper Input Validation vulnerability in SAP Sapcar 7.22 SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. | 7.5 |
| 2022-03-10 | CVE-2022-24396 | Missing Authentication for Critical Function vulnerability in SAP Simple Diagnostics Agent The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. | 7.8 |
| 2022-03-10 | CVE-2022-22547 | Unspecified vulnerability in SAP Simple Diagnostics Agent Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. | 7.5 |
| 2022-02-09 | CVE-2022-22528 | Uncontrolled Search Path Element vulnerability in SAP Adaptive Server Enterprise 16.0 SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. | 7.8 |
| 2022-02-09 | CVE-2022-22533 | Use After Free vulnerability in SAP Netweaver Application Server Java Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. | 7.5 |
| 2022-02-09 | CVE-2022-22540 | SQL Injection vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. | 7.5 |
| 2022-02-09 | CVE-2022-22543 | Resource Exhaustion vulnerability in SAP Netweaver Abap and Netweaver AS Abap SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. | 7.5 |
| 2022-01-14 | CVE-2022-22530 | Unspecified vulnerability in SAP S/4Hana The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. | 8.1 |