Vulnerabilities > SAP > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-09 | CVE-2015-7731 | Information Exposure vulnerability in SAP Mobile Platform 3.0 SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. | 2.1 |
2021-07-14 | CVE-2021-33682 | Cross-site Scripting vulnerability in SAP Lumira Server 2.4 SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2021-06-09 | CVE-2021-33665 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2021-06-09 | CVE-2021-33664 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2021-06-09 | CVE-2021-33662 | Information Exposure vulnerability in SAP Business ONE 10.0 Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. | 2.1 |
2021-06-09 | CVE-2021-27637 | Unspecified vulnerability in SAP Enable NOW 1.0/10.0 Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure. local sap | 1.9 |
2021-06-09 | CVE-2021-27615 | Cross-site Scripting vulnerability in SAP Manufacturing Execution SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. | 3.5 |
2021-05-11 | CVE-2021-27614 | Injection vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. | 3.6 |
2021-04-13 | CVE-2021-27600 | Cross-site Scripting vulnerability in SAP Manufacturing Execution SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution (System Rules) tab does not sufficiently encode some parameters, resulting in Stored Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2021-01-12 | CVE-2021-21445 | HTTP Request Smuggling vulnerability in SAP Commerce Cloud SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP response Content Type header, due to improper input validation, and sent to a Web user. | 3.5 |