Vulnerabilities > SAP > Low

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-41728 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package.
network
low complexity
sap CWE-862
2.7
2024-09-10 CVE-2024-44114 Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network.
network
low complexity
sap CWE-863
2.7
2023-12-12 CVE-2023-49578 Incorrect Permission Assignment for Critical Resource vulnerability in SAP Cloud Connector 2.0
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity  of the application.
low complexity
sap CWE-732
3.5
2023-06-13 CVE-2023-32114 Unspecified vulnerability in SAP Netweaver
SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.
network
low complexity
sap
2.7
2022-06-14 CVE-2022-29615 Deserialization of Untrusted Data vulnerability in SAP Netweaver Developer Studio 7.50
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x.
local
low complexity
sap CWE-502
3.4
2022-04-12 CVE-2022-27657 Path Traversal vulnerability in SAP Focused RUN 1.0
A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
network
low complexity
sap CWE-22
2.7
2021-12-14 CVE-2021-42070 Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application
local
low complexity
sap CWE-20
3.3
2021-12-14 CVE-2021-42069 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application
local
low complexity
sap CWE-787
3.3
2021-12-14 CVE-2021-42068 Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap CWE-20
3.3
2021-03-22 CVE-2021-27593 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
3.3