Vulnerabilities > SAP > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-41214 Improper Input Validation vulnerability in SAP Netweaver Application Server Abap
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted.
network
low complexity
sap CWE-20
8.7
2022-10-11 CVE-2022-39013 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions an authenticated attacker can get access to OS credentials.
network
low complexity
sap
7.6
2022-10-11 CVE-2022-39802 Path Traversal vulnerability in SAP Manufacturing Execution 15.1/15.2/15.3
SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter.
network
low complexity
sap CWE-22
7.5
2022-10-11 CVE-2022-39803 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
local
low complexity
sap CWE-787
7.8
2022-10-11 CVE-2022-39804 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
local
low complexity
sap CWE-787
7.8
2022-10-11 CVE-2022-39805 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
local
low complexity
sap CWE-787
7.8
2022-10-11 CVE-2022-39806 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
local
low complexity
sap CWE-787
7.8
2022-10-11 CVE-2022-39808 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
local
low complexity
sap CWE-787
7.8
2022-10-11 CVE-2022-41167 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
local
low complexity
sap CWE-787
7.8
2022-10-11 CVE-2022-41168 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
local
low complexity
sap CWE-787
7.8