Vulnerabilities > SAP > Low

DATE CVE VULNERABILITY TITLE RISK
2021-12-14 CVE-2021-42066 Cleartext Storage of Sensitive Information vulnerability in SAP Business ONE 10.0
SAP Business One - version 10.0, allows an admin user to view the DB password in plain text over the network, which should otherwise be encrypted.
network
sap CWE-312
3.5
2021-12-14 CVE-2021-42061 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
3.5
2021-11-10 CVE-2021-40503 Insufficiently Protected Credentials vulnerability in SAP GUI for Windows
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password.
local
low complexity
sap CWE-522
2.1
2021-11-05 CVE-2021-41251 Information Exposure vulnerability in SAP Cloud SDK
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions.
network
high complexity
sap CWE-200
2.6
2021-10-12 CVE-2021-40498 Unspecified vulnerability in SAP Successfactors Mobile
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service.
local
low complexity
sap
2.1
2021-09-15 CVE-2021-33696 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user-controlled inputs, and therefore an authorized attacker can exploit an XSS vulnerability to non-permanently deface or modify displayed content from a Web site.
network
sap CWE-79
3.5
2021-09-15 CVE-2021-33694 Cross-site Scripting vulnerability in SAP Cloud Connector 2.0
SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights to include malicious code that gets stored in the database and, when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.
network
sap CWE-79
3.5
2021-09-14 CVE-2021-33679 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder.
network
sap CWE-79
3.5
2021-09-14 CVE-2021-21489 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
3.5
2021-08-10 CVE-2021-33703 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters.
network
high complexity
sap CWE-79
2.6