Vulnerabilities > SAP > High

DATE | CVE | VULNERABILITY TITLE | RISK

2024-01-09 | CVE-2024-21735 | Incorrect Authorization vulnerability in SAP LT Replication Server | network, low complexity, sap CWE-863, 7.2
    SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks.

2023-12-12 | CVE-2023-49580 | Unspecified vulnerability in SAP Graphical User Interface | network, low complexity, sap, 7.3
    SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential.

2023-12-12 | CVE-2023-6542 | Incorrect Authorization vulnerability in SAP Emarsys SDK 3.6.2 | local, low complexity, sap CWE-863, 7.1
    Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application.

2023-12-12 | CVE-2023-42478 | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420/430 | network, low complexity, sap CWE-79, 7.6
    SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS, allowing an attacker to upload agnostic documents in the system which, when opened by any other user, could lead to high impact on the integrity of the application.

2023-12-12 | CVE-2023-42481 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in SAP Commerce Cloud 8.1 | network, low complexity, sap CWE-640, 8.1
    In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to unblock his user account again and regain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place.

2023-11-14 | CVE-2023-31403 | Incorrect Authorization vulnerability in SAP Business ONE 10.0 | low complexity, sap CWE-863, 8.0
    SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for the SMB shared folder.

2023-10-10 | CVE-2023-40310 | Missing XML Validation vulnerability in SAP Powerdesigner 16.7 | network, low complexity, sap CWE-112, 7.5
    SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML documents imported from an untrusted source.

2023-09-28 | CVE-2023-40307 | Out-of-bounds Write vulnerability in SAP Privileges | local, low complexity, sap CWE-787, 7.8
    An attacker with standard privileges on macOS, when requesting administrator privileges from the application, can submit input which causes a buffer overflow resulting in a crash of the application.

2023-09-12 | CVE-2023-40623 | Unspecified vulnerability in SAP Businessobjects 420/430 | network, low complexity, sap, 7.1
    SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under the temporary directory and link it to a directory with operating system files.

2023-09-12 | CVE-2023-40308 | Out-of-bounds Write vulnerability in SAP products | network, low complexity, sap CWE-787, 7.5
    SAP CommonCryptoLib allows an unauthenticated attacker to craft a request which, when submitted to an open port, causes a memory corruption error in a library, which in turn causes the target component to crash, making it unavailable.