Vulnerabilities > SAP > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-27 | CVE-2022-35291 | Improper Privilege Management vulnerability in SAP Successfactors Mobile 8.0.5. Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. | 8.1 |
2022-07-12 | CVE-2022-28771 | Missing Authentication for Critical Function vulnerability in SAP Business ONE License Service API 10.0. Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. | 7.5 |
2022-07-12 | CVE-2022-31591 | Unquoted Search Path or Element vulnerability in SAP Businessobjects BW Publisher Service 420/430. SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. | 7.8 |
2022-07-12 | CVE-2022-31593 | Injection vulnerability in SAP Business ONE 10.0. SAP Business One client - version 10.0 allows an attacker with low privileges to inject code that can be executed by the application. | 8.8 |
2022-07-12 | CVE-2022-32249 | Exposure of Resource to Wrong Sphere vulnerability in SAP Business ONE 10.0. Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly sensitive information (e.g., high privileged account credentials). | 7.5 |
2022-07-12 | CVE-2022-35168 | XXE vulnerability in SAP Business ONE 10.0. Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. | 7.5 |
2022-07-12 | CVE-2022-35228 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430. SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. | 8.8 |
2022-06-14 | CVE-2022-31590 | Unspecified vulnerability in SAP Powerdesigner Proxy 16.7. SAP PowerDesigner Proxy - version 16.7 allows an attacker with low privileges and local access, with the ability to work around the system’s root disk access restrictions, to write/create a program file on the system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | 7.8 |
2022-06-14 | CVE-2022-31595 | Missing Authorization vulnerability in SAP Adaptive Server Enterprise. SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
2022-05-11 | CVE-2022-29616 | Out-of-bounds Write vulnerability in SAP products. SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | 7.5 |