Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-14 CVE-2022-22531 Unspecified vulnerability in SAP S/4Hana
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files.
network
low complexity
sap
8.1
2021-10-12 CVE-2021-38178 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates.
network
low complexity
sap
8.8
2021-10-12 CVE-2021-38181 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2021-10-12 CVE-2021-40499 Code Injection vulnerability in SAP Netweaver Application Server Abap 7.70/7.70Byd/7.70Pi
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
7.5
2021-09-15 CVE-2021-33693 Code Injection vulnerability in SAP Cloud Connector 2.0
SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.
low complexity
sap CWE-94
7.7
2021-09-14 CVE-2021-37535 Missing Authorization vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
network
low complexity
sap CWE-862
7.5
2021-09-14 CVE-2021-38163 Path Traversal vulnerability in SAP Netweaver
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process.
network
low complexity
sap CWE-22
8.8
2021-07-14 CVE-2021-33677 Unspecified vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.
network
low complexity
sap
7.5
2021-06-09 CVE-2021-27597 Out-of-bounds Read vulnerability in SAP Netweaver Abap
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable.
network
low complexity
sap CWE-125
7.5
2021-06-09 CVE-2021-27606 Out-of-bounds Read vulnerability in SAP Netweaver AS Abap
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable.
network
low complexity
sap CWE-125
7.5