Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-42472 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence Platform 420 Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. | 7.3 |
| 2023-08-15 | CVE-2023-39438 | Missing Authorization vulnerability in SAP Contributor License Agreement Assistant A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. | 8.1 |
| 2023-08-08 | CVE-2023-33993 | SQL Injection vulnerability in SAP Business ONE 10.0 B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. | 7.5 |
| 2023-08-08 | CVE-2023-36923 | Code Injection vulnerability in SAP Powerdesigner 16.7 SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. | 7.8 |
| 2023-08-08 | CVE-2023-37486 | Information Exposure Through Caching vulnerability in SAP Commerce Cloud and Commerce Hycom Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. | 7.5 |
| 2023-08-08 | CVE-2023-37491 | Incorrect Authorization vulnerability in SAP Message Server The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. | 8.8 |
| 2023-07-11 | CVE-2023-33989 | Path Traversal vulnerability in SAP Netweaver BI Content An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. | 8.1 |
| 2023-07-11 | CVE-2023-33990 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP SQL Anywhere 17.0 SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. | 7.1 |
| 2023-07-11 | CVE-2023-35870 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP S4Core When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. | 7.3 |
| 2023-07-11 | CVE-2023-35874 | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. | 7.4 |