Vulnerabilities > SAP > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-09 | CVE-2024-21735 | Incorrect Authorization vulnerability in SAP LT Replication Server. SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. | 7.2 |
2023-12-12 | CVE-2023-49580 | Unspecified vulnerability in SAP Graphical User Interface. SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. | 7.3 |
2023-12-12 | CVE-2023-6542 | Incorrect Authorization vulnerability in SAP Emarsys SDK 3.6.2. Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. | 7.1 |
2023-12-12 | CVE-2023-42478 | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 420/430. SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application. | 7.6 |
2023-12-12 | CVE-2023-42481 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in SAP Commerce Cloud 8.1. In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. | 8.1 |
2023-11-14 | CVE-2023-31403 | Incorrect Authorization vulnerability in SAP Business ONE 10.0. SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. | 8.0 |
2023-10-10 | CVE-2023-40310 | Missing XML Validation vulnerability in SAP Powerdesigner 16.7. SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. | 7.5 |
2023-09-28 | CVE-2023-40307 | Out-of-bounds Write vulnerability in SAP Privileges. An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. | 7.8 |
2023-09-12 | CVE-2023-40623 | Unspecified vulnerability in SAP Businessobjects 420/430. SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. | 7.1 |
2023-09-12 | CVE-2023-40308 | Out-of-bounds Write vulnerability in SAP products. SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. | 7.5 |