Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-36917 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality.
network
low complexity
sap
7.5
2023-07-11 CVE-2023-36921 Improper Encoding or Escaping of Output vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request.
network
low complexity
sap CWE-116
7.2
2023-07-11 CVE-2023-36922 OS Command Injection vulnerability in SAP Netweaver
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.
network
low complexity
sap CWE-78
8.8
2023-07-11 CVE-2023-36925 Unspecified vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests.
network
low complexity
sap
7.2
2023-06-13 CVE-2023-33991 Unspecified vulnerability in SAP UI
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability.
network
low complexity
sap
8.2
2023-05-09 CVE-2023-30740 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.
network
low complexity
sap
7.6
2023-05-09 CVE-2023-32111 Unspecified vulnerability in SAP Powerdesigner Proxy 16.7
In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption.
network
low complexity
sap
7.5
2023-05-09 CVE-2023-28762 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction.
network
low complexity
sap
7.2
2023-04-11 CVE-2023-26458 Unspecified vulnerability in SAP Landscape Management 3.0
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition.
network
low complexity
sap
8.7
2023-04-11 CVE-2023-27267 Unspecified vulnerability in SAP Diagnostics Agent 720
Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents.
network
high complexity
sap
8.1