Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-14 CVE-2023-27500 Path Traversal vulnerability in SAP Netweaver Application Server Abap
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files.
network
low complexity
sap CWE-22
8.1
2023-03-14 CVE-2023-27896 Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 420/430
In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability.
network
low complexity
sap CWE-918
7.5
2023-03-14 CVE-2023-23857 Improper Authentication vulnerability in SAP Netweaver Application Server for Java 7.50
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems.
network
low complexity
sap CWE-287
8.6
2023-03-14 CVE-2023-25616 Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430
In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges.
network
low complexity
sap CWE-74
8.8
2023-03-14 CVE-2023-25617 OS Command Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK.
network
low complexity
sap CWE-78
8.8
2023-03-14 CVE-2023-26459 Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Abap
Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.
network
low complexity
sap CWE-918
7.4
2023-02-14 CVE-2023-0020 Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted.
network
low complexity
sap CWE-200
7.1
2023-02-14 CVE-2023-24523 Exposure of Resource to Wrong Sphere vulnerability in SAP Host Agent 7.21/7.22
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges.  The OS command can read or modify any user or system data and can make the system unavailable.
local
low complexity
sap CWE-668
8.8
2023-01-10 CVE-2023-0016 SQL Injection vulnerability in SAP Business Planning and Consolidation 800/810
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries.
network
low complexity
sap CWE-89
8.8
2023-01-10 CVE-2023-0022 Code Injection vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network.
network
low complexity
sap CWE-94
8.8