Vulnerabilities > SAP > Low

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-41728 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package.
network
low complexity
sap CWE-862
2.7
2024-09-10 CVE-2024-44114 Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network.
network
low complexity
sap CWE-863
2.7
2023-12-12 CVE-2023-49578 Incorrect Permission Assignment for Critical Resource vulnerability in SAP Cloud Connector 2.0
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity  of the application.
low complexity
sap CWE-732
3.5
2023-06-13 CVE-2023-32114 Unspecified vulnerability in SAP Netweaver
SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.
network
low complexity
sap
2.7
2022-06-14 CVE-2022-29615 Deserialization of Untrusted Data vulnerability in SAP Netweaver Developer Studio 7.50
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x.
local
low complexity
sap CWE-502
3.6
2022-06-06 CVE-2020-6220 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 4.1/4.2
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
high complexity
sap CWE-79
2.6
2022-05-11 CVE-2022-29610 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.
network
sap CWE-79
3.5
2022-04-12 CVE-2022-27657 Path Traversal vulnerability in SAP Focused RUN 1.0
A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
network
low complexity
sap CWE-22
2.7
2022-03-10 CVE-2022-24398 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
network
sap
3.5
2022-01-14 CVE-2021-44234 Information Exposure Through Log Files vulnerability in SAP Business ONE 10.0
SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
local
low complexity
sap CWE-532
2.1