Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2022-22528 | Uncontrolled Search Path Element vulnerability in SAP Adaptive Server Enterprise 16.0 SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. | 7.8 |
| 2022-02-09 | CVE-2022-22533 | Use After Free vulnerability in SAP Netweaver Application Server Java Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. | 7.5 |
| 2022-02-09 | CVE-2022-22540 | SQL Injection vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. | 7.5 |
| 2022-02-09 | CVE-2022-22543 | Resource Exhaustion vulnerability in SAP Netweaver Abap and Netweaver AS Abap SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. | 7.5 |
| 2022-01-14 | CVE-2022-22530 | Unspecified vulnerability in SAP S/4Hana The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. | 8.1 |
| 2022-01-14 | CVE-2022-22531 | Unspecified vulnerability in SAP S/4Hana The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. | 8.1 |
| 2021-12-14 | CVE-2021-44232 | Path Traversal vulnerability in SAP Saf-T Framework SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. | 7.7 |
| 2021-12-14 | CVE-2021-44233 | Missing Authorization vulnerability in SAP Access Control V1100700/V1100731/V1200750 SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. | 8.8 |
| 2021-11-10 | CVE-2021-40501 | Missing Authorization vulnerability in SAP Abap Platform Kernel SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. | 8.1 |
| 2021-11-10 | CVE-2021-40502 | Missing Authorization vulnerability in SAP Commerce SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |