Vulnerabilities > SAP > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-10 | CVE-2021-33702 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. | 2.6 |
| 2021-08-10 | CVE-2021-33699 | Unspecified vulnerability in SAP Fiori Client 3.2 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. low complexity sap | 3.3 |
| 2021-08-09 | CVE-2015-7731 | Information Exposure vulnerability in SAP Mobile Platform 3.0 SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. | 2.1 |
| 2021-07-14 | CVE-2021-33682 | Cross-site Scripting vulnerability in SAP Lumira Server 2.4 SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
| 2021-06-09 | CVE-2021-33665 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
| 2021-06-09 | CVE-2021-33664 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
| 2021-06-09 | CVE-2021-33662 | Information Exposure vulnerability in SAP Business ONE 10.0 Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. | 2.1 |
| 2021-06-09 | CVE-2021-27637 | Unspecified vulnerability in SAP Enable NOW 1.0/10.0 Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure. local sap | 1.9 |
| 2021-06-09 | CVE-2021-27615 | Cross-site Scripting vulnerability in SAP Manufacturing Execution SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. | 3.5 |
| 2021-05-11 | CVE-2021-27614 | Injection vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. | 3.6 |