Vulnerabilities > SAP > Low

DATE CVE VULNERABILITY TITLE RISK

2021-08-10 CVE-2021-33702 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data.
Risk: network | high complexity | sap CWE-79 | 2.6

2021-08-10 CVE-2021-33699 Unspecified vulnerability in SAP Fiori Client 3.2
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features.
Risk: low complexity | sap | 3.3

2021-08-09 CVE-2015-7731 Information Exposure vulnerability in SAP Mobile Platform 3.0
SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830.
Risk: local | low complexity | sap CWE-200 | 2.1

2021-07-14 CVE-2021-33682 Cross-site Scripting vulnerability in SAP Lumira Server 2.4
SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Risk: network | sap CWE-79 | 3.5

2021-06-09 CVE-2021-33665 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Risk: network | sap CWE-79 | 3.5

2021-06-09 CVE-2021-33664 Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Risk: network | sap CWE-79 | 3.5

2021-06-09 CVE-2021-33662 Information Exposure vulnerability in SAP Business ONE 10.0
Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted.
Risk: local | low complexity | sap CWE-200 | 2.1

2021-06-09 CVE-2021-27637 Unspecified vulnerability in SAP Enable NOW 1.0/10.0
Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.
Risk: local | sap | 1.9

2021-06-09 CVE-2021-27615 Cross-site Scripting vulnerability in SAP Manufacturing Execution
SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response.
Risk: network | sap CWE-79 | 3.5

2021-05-11 CVE-2021-27614 Injection vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE
SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application.
Risk: local | low complexity | sap CWE-74 | 3.6