Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2022-22528 Uncontrolled Search Path Element vulnerability in SAP Adaptive Server Enterprise 16.0
SAP Adaptive Server Enterprise (ASE) - version 16.0: on the Windows platform, installation adds an entry to the system PATH environment variable which, under certain conditions, allows a Standard User to execute malicious Windows binaries, which may lead to privilege escalation on the local system.
local
low complexity
sap CWE-427
7.8
2022-02-09 CVE-2022-22533 Use After Free vulnerability in SAP Netweaver Application Server Java
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer.
network
low complexity
sap CWE-416
7.5
2022-02-09 CVE-2022-22540 SQL Injection vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries that could expose the backend database.
network
low complexity
sap CWE-89
7.5
2022-02-09 CVE-2022-22543 Resource Exhaustion vulnerability in SAP Netweaver Abap and Netweaver AS Abap
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack.
network
low complexity
sap CWE-400
7.5
2022-01-14 CVE-2022-22530 Unspecified vulnerability in SAP S/4Hana
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files.
network
low complexity
sap
8.1
2022-01-14 CVE-2022-22531 Unspecified vulnerability in SAP S/4Hana
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files.
network
low complexity
sap
8.1
2021-12-14 CVE-2021-44232 Path Traversal vulnerability in SAP Saf-T Framework
SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by a normal user, leading to full server directory access.
network
low complexity
sap CWE-22
7.7
2021-12-14 CVE-2021-44233 Missing Authorization vulnerability in SAP Access Control V1100_700/V1100_731/V1200_750
SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges.
network
low complexity
sap CWE-862
8.8
2021-11-10 CVE-2021-40501 Missing Authorization vulnerability in SAP Abap Platform Kernel
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.1
2021-11-10 CVE-2021-40502 Missing Authorization vulnerability in SAP Commerce
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8