Vulnerabilities > SAP > Low

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-49578 Unspecified vulnerability in SAP Cloud Connector 2.0
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform a denial-of-service attack from adjacent UI by sending a malicious request, which leads to low impact on the availability and no impact on the confidentiality or integrity of the application.
low complexity
sap
3.5
2023-06-13 CVE-2023-32114 Resource Exhaustion vulnerability in SAP Netweaver
SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly with the intent to slow down the server or make it unavailable, which may lead to a limited impact on Availability with no impact on Confidentiality and Integrity of the application.
network
low complexity
sap CWE-400
2.7
2022-06-14 CVE-2022-29615 Deserialization of Untrusted Data vulnerability in SAP Netweaver Developer Studio 7.50
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x.
local
low complexity
sap CWE-502
3.6
2022-06-06 CVE-2020-6220 Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 4.1/4.2
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
high complexity
sap CWE-79
2.6
2022-05-11 CVE-2022-29610 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in a Stored Cross-Site Scripting (XSS) attack.
network
sap CWE-79
3.5
2022-04-12 CVE-2022-27657 Path Traversal vulnerability in SAP Focused RUN 1.0
A highly privileged remote attacker can gain unauthorized access to display the contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
network
low complexity
sap CWE-22
2.7
2022-03-10 CVE-2022-24398 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
network
sap
3.5
2022-01-14 CVE-2021-44234 Information Exposure Through Log Files vulnerability in SAP Business ONE 10.0
SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and can give valuable guidance to an attacker or expose sensitive user information.
local
low complexity
sap CWE-532
2.1
2021-12-14 CVE-2021-42066 Cleartext Storage of Sensitive Information vulnerability in SAP Business ONE 10.0
SAP Business One - version 10.0, allows an admin user to view the DB password in plain text over the network, which should otherwise be encrypted.
network
sap CWE-312
3.5
2021-12-14 CVE-2021-42061 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
3.5