Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-31404 Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap CWE-200
5.0
2023-05-09 CVE-2023-31406 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link.
network
low complexity
sap CWE-79
6.1
2023-05-09 CVE-2023-31407 Cross-site Scripting vulnerability in SAP Business Planning and Consolidation 740/750
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability.
network
low complexity
sap CWE-79
5.4
2023-05-09 CVE-2023-32112 Missing Authorization vulnerability in SAP S4Core and Vendor Master Hierarchy
Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function.
local
low complexity
sap CWE-862
5.5
2023-05-09 CVE-2023-28764 Insufficiently Protected Credentials vulnerability in SAP Businessobjects 4.20/4.30
SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network.
network
high complexity
sap CWE-522
5.9
2023-05-09 CVE-2023-29188 Cross-site Scripting vulnerability in SAP products
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2023-04-11 CVE-2023-29187 Uncontrolled Search Path Element vulnerability in SAP Sapsetup 9.0
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC.
local
high complexity
sap CWE-427
6.7
2023-03-14 CVE-2023-27894 Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally.
network
low complexity
sap CWE-200
5.3
2023-03-14 CVE-2023-27895 Privilege Defined With Unsafe Actions vulnerability in SAP Authenticator 1.3.0
SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device.
network
low complexity
sap CWE-267
6.5
2023-03-14 CVE-2023-0021 Cross-site Scripting vulnerability in SAP Netweaver
Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting.
network
low complexity
sap CWE-79
6.1