Vulnerabilities > SAP > High

DATE | CVE | VULNERABILITY TITLE | RISK
(each entry lists the description, then attack vector, attack complexity, vendor and CWE)

2022-05-11 | CVE-2022-28214 | Cleartext Storage of Sensitive Information vulnerability in SAP products | Risk 7.8
  During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are exposed in Sysmon event logs.
  Attack vector: local. Attack complexity: low. Vendor: SAP. Weakness: CWE-312.

2022-05-11 | CVE-2022-29611 | Missing Authorization vulnerability in SAP NetWeaver Application Server ABAP | Risk 8.8
  SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges.
  Attack vector: network. Attack complexity: low. Vendor: SAP. Weakness: CWE-862.

2022-04-12 | CVE-2022-27667 | Information Exposure vulnerability in SAP BusinessObjects Business Intelligence Platform 430 | Risk 7.5
  Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to information disclosure.
  Attack vector: network. Attack complexity: low. Vendor: SAP. Weakness: CWE-200.

2022-04-12 | CVE-2022-27669 | Missing Authorization vulnerability in SAP NetWeaver Application Server for Java 7.50 | Risk 7.5
  An unauthenticated user can use functions of the XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted.
  Attack vector: network. Attack complexity: low. Vendor: SAP. Weakness: CWE-862.

2022-04-12 | CVE-2022-28213 | Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform 420/430 | Risk 8.1
  When a user accesses SOAP web services in SAP BusinessObjects Business Intelligence Platform - versions 420, 430, the platform does not sufficiently validate XML documents accepted from an untrusted source, which might allow retrieval of arbitrary files from the server and lead to denial of service.
  Attack vector: network. Attack complexity: low. Vendor: SAP. Weakness: CWE-112.

2022-04-12 | CVE-2022-28772 | Out-of-bounds Write vulnerability in SAP NetWeaver and Web Dispatcher | Risk 7.5
  By supplying overlong input values, an attacker may force an overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.
  Attack vector: network. Attack complexity: low. Vendor: SAP. Weakness: CWE-787.

2022-04-12 | CVE-2022-28773 | Uncontrolled Recursion vulnerability in SAP NetWeaver and Web Dispatcher | Risk 7.5
  Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but it can be restarted automatically.
  Attack vector: network. Attack complexity: low. Vendor: SAP. Weakness: CWE-674.

2022-03-28 | CVE-2022-27658 | Missing Authorization vulnerability in SAP Innovation Management 2.0 | Risk 7.5
  Under certain conditions, SAP Innovation Management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
  Attack vector: network. Attack complexity: low. Vendor: SAP. Weakness: CWE-862.

2022-03-10 | CVE-2022-24396 | Missing Authentication for Critical Function vulnerability in SAP Simple Diagnostics Agent | Risk 7.8
  The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionality that can be accessed via localhost on HTTP port 3005.
  Attack vector: local. Attack complexity: low. Vendor: SAP. Weakness: CWE-306.

2022-03-10 | CVE-2022-22547 | Unspecified vulnerability in SAP Simple Diagnostics Agent | Risk 7.5
  Simple Diagnostics Agent - versions 1.0 up to version 1.57, allows an attacker to access information which would otherwise be restricted via a random port in the range 9000-65535.
  Attack vector: network. Attack complexity: low. Vendor: SAP. Weakness: not listed.