Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2021-01-12 CVE-2021-21454 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-787
8.8
2021-01-12 CVE-2021-21453 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-119
8.8
2021-01-12 CVE-2021-21452 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-119
8.8
2021-01-12 CVE-2021-21451 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-119
8.8
2021-01-12 CVE-2021-21450 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-119
8.8
2021-01-12 CVE-2021-21449 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
network
low complexity
sap CWE-119
8.8
2021-01-12 CVE-2021-21446 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service.
network
low complexity
sap
7.5
2020-12-09 CVE-2020-26832 Missing Authorization vulnerability in SAP Netweaver Application Server Abap and S/4 Hana
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
network
low complexity
sap CWE-862
7.6
2020-12-09 CVE-2020-26830 Missing Authorization vulnerability in SAP Solution Manager 7.20
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user.
network
low complexity
sap CWE-862
8.1
2020-11-10 CVE-2020-26820 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file.
network
low complexity
sap CWE-434
7.2