Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2021-27587 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
7.8
2021-03-09 CVE-2021-27586 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
7.8
2021-03-09 CVE-2021-27585 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
7.8
2021-03-09 CVE-2021-21487 Missing Authorization vulnerability in SAP Payment Engine 500
SAP Payment Engine version 500 does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2021-03-09 CVE-2021-21486 Missing Authorization vulnerability in SAP Enterprise Financial Services
SAP Enterprise Financial Services, versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2021-03-09 CVE-2021-21481 Incorrect Authorization vulnerability in SAP Netweaver
The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check.
low complexity
sap CWE-863
8.8
2021-03-09 CVE-2021-21480 Code Injection vulnerability in SAP Manufacturing Integration and Intelligence
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment).
network
low complexity
sap CWE-94
8.8
2021-02-09 CVE-2021-21475 Path Traversal vulnerability in SAP Netweaver Master Data Management Server 710/710.750
Under specific circumstances, SAP Master Data Management, versions 710 and 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, so that characters representing 'traverse to parent directory' are passed through to the file APIs.
network
low complexity
sap CWE-22
7.5
2021-02-09 CVE-2021-21472 Missing Authentication for Critical Function vulnerability in SAP Software Provisioning Manager 1.0
SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set a password during its installation; this allows an authenticated attacker to perform various attacks such as directory traversal, password brute force, SMB relay, and security downgrade.
network
low complexity
sap CWE-306
8.8
2021-01-12 CVE-2021-21469 Information Exposure vulnerability in SAP Netweaver Master Data Management 7.10/7.10.750/710
When security guidelines for SAP NetWeaver Master Data Management running on Windows have not been thoroughly reviewed, it might be possible for an external operator to try to set custom paths in the MDS server configuration.
network
low complexity
sap CWE-200
7.5