Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-40308 | Unspecified vulnerability in SAP products SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. | 7.5 |
| 2023-09-12 | CVE-2023-42472 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420 Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. | 7.3 |
| 2023-08-15 | CVE-2023-39438 | Unspecified vulnerability in SAP Contributor License Agreement Assistant A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. | 8.1 |
| 2023-08-08 | CVE-2023-33993 | Unspecified vulnerability in SAP Business ONE 10.0 B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. | 7.5 |
| 2023-08-08 | CVE-2023-36923 | Unspecified vulnerability in SAP Powerdesigner 16.7 SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. | 7.8 |
| 2023-08-08 | CVE-2023-37486 | Unspecified vulnerability in SAP Commerce Cloud and Commerce Hycom Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. | 7.5 |
| 2023-08-08 | CVE-2023-37491 | Unspecified vulnerability in SAP Message Server The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. | 8.8 |
| 2023-07-11 | CVE-2023-33989 | Unspecified vulnerability in SAP Netweaver BI Content An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. | 8.1 |
| 2023-07-11 | CVE-2023-33990 | Unspecified vulnerability in SAP SQL Anywhere 17.0 SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. | 7.1 |
| 2023-07-11 | CVE-2023-35870 | Unspecified vulnerability in SAP S4Core When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. | 7.3 |