Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-11 | CVE-2023-35874 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. | 7.4 |
| 2023-07-11 | CVE-2023-36917 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. | 7.5 |
| 2023-07-11 | CVE-2023-36921 | Improper Encoding or Escaping of Output vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. | 7.2 |
| 2023-07-11 | CVE-2023-36922 | OS Command Injection vulnerability in SAP Netweaver Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. | 8.8 |
| 2023-07-11 | CVE-2023-36925 | Unspecified vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. | 7.2 |
| 2023-06-13 | CVE-2023-33991 | Unspecified vulnerability in SAP UI SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. | 8.2 |
| 2023-05-09 | CVE-2023-30740 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. | 7.6 |
| 2023-05-09 | CVE-2023-32111 | Unspecified vulnerability in SAP Powerdesigner Proxy 16.7 In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. | 7.5 |
| 2023-05-09 | CVE-2023-28762 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. | 7.2 |
| 2023-04-11 | CVE-2023-26458 | Unspecified vulnerability in SAP Landscape Management 3.0 An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. | 8.7 |