Vulnerabilities > SAP > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-10 | CVE-2024-41728 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap: Due to a missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. | 2.7 |
2024-09-10 | CVE-2024-44114 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap: SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. | 2.7 |
2023-12-12 | CVE-2023-49578 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Cloud Connector 2.0: SAP Cloud Connector - version 2.0 allows an authenticated user with low privilege to perform a denial-of-service attack from an adjacent UI by sending a malicious request, which leads to low impact on the availability and no impact on the confidentiality or integrity of the application. | 3.5 |
2023-06-13 | CVE-2023-32114 | Unspecified vulnerability in SAP Netweaver: SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly with the intent to slow down the server or make it unavailable, which may lead to a limited impact on availability with no impact on the confidentiality and integrity of the application. | 2.7 |
2022-06-14 | CVE-2022-29615 | Deserialization of Untrusted Data vulnerability in SAP Netweaver Developer Studio 7.50: SAP NetWeaver Developer Studio (NWDS) - version 7.50 is based on Eclipse, which contains the logging framework log4j in version 1.x. | 3.6 |
2022-06-06 | CVE-2020-6220 | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 4.1/4.2: BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. | 2.6 |
2022-05-11 | CVE-2022-29610 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap: SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in a Stored Cross-Site Scripting (XSS) attack. | 3.5 |
2022-04-12 | CVE-2022-27657 | Path Traversal vulnerability in SAP Focused RUN 1.0: A highly privileged remote attacker can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0. | 2.7 |
2022-03-10 | CVE-2022-24398 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430: Under certain conditions, SAP Business Objects Business Intelligence Platform - versions 420, 430 allows an authenticated attacker to access information which would otherwise be restricted. | 3.5 |
2022-01-14 | CVE-2021-44234 | Information Exposure Through Log Files vulnerability in SAP Business ONE 10.0: SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. | 2.1 |