Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-41272 Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system.
network
low complexity
sap CWE-862
8.6
2022-12-13 CVE-2022-41264 Code Injection vulnerability in SAP Basis
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker.
network
low complexity
sap CWE-94
8.8
2022-12-13 CVE-2022-41267 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application.
network
low complexity
sap CWE-434
8.8
2022-12-13 CVE-2022-41268 Improper Privilege Management vulnerability in SAP Business Planning and Consolidation
In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used.
network
high complexity
sap CWE-269
7.5
2022-11-08 CVE-2022-41203 Deserialization of Untrusted Data vulnerability in SAP Businessobjects Business Intelligence 4.2/4.3
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability.
network
low complexity
sap CWE-502
8.8
2022-11-08 CVE-2022-41211 Out-of-bounds Write vulnerability in SAP products
Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory.
local
low complexity
sap CWE-787
7.8
2022-11-08 CVE-2022-41214 Improper Input Validation vulnerability in SAP Netweaver Application Server Abap
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted.
network
low complexity
sap CWE-20
8.7
2022-10-11 CVE-2022-39013 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions an authenticated attacker can get access to OS credentials.
network
low complexity
sap
7.6
2022-10-11 CVE-2022-39802 Path Traversal vulnerability in SAP Manufacturing Execution 15.1/15.2/15.3
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter.
network
low complexity
sap CWE-22
7.5
2022-10-11 CVE-2022-39803 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
local
low complexity
sap CWE-787
7.8