Vulnerabilities > SAP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-11 | CVE-2023-36917 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. | 7.5 |
| 2023-07-11 | CVE-2023-36921 | Improper Encoding or Escaping of Output vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. | 7.2 |
| 2023-07-11 | CVE-2023-36922 | OS Command Injection vulnerability in SAP Netweaver Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. | 8.8 |
| 2023-07-11 | CVE-2023-36925 | Unspecified vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. | 7.2 |
| 2023-06-13 | CVE-2023-33991 | Unspecified vulnerability in SAP UI SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. | 8.2 |
| 2023-05-09 | CVE-2023-30740 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. | 7.6 |
| 2023-05-09 | CVE-2023-32111 | Unspecified vulnerability in SAP Powerdesigner Proxy 16.7 In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. | 7.5 |
| 2023-05-09 | CVE-2023-28762 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. | 7.2 |
| 2023-04-11 | CVE-2023-26458 | Unspecified vulnerability in SAP Landscape Management 3.0 An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. | 8.7 |
| 2023-04-11 | CVE-2023-27267 | Unspecified vulnerability in SAP Diagnostics Agent 720 Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. | 8.1 |