Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-13 | CVE-2023-33984 | Unspecified vulnerability in SAP Netweaver 7.50 SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. | 5.4 |
2023-06-13 | CVE-2023-33985 | Unspecified vulnerability in SAP Netweaver 7.50 SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. | 6.1 |
2023-06-13 | CVE-2023-33986 | Unspecified vulnerability in SAP Customer Relationship Management Abap 430 SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2023-05-09 | CVE-2023-30741 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. | 6.1 |
2023-05-09 | CVE-2023-30742 | Unspecified vulnerability in SAP products SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. | 6.1 |
2023-05-09 | CVE-2023-30743 | Unspecified vulnerability in SAP Sapui5 Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. | 6.1 |
2023-05-09 | CVE-2023-31404 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430 Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. | 5.0 |
2023-05-09 | CVE-2023-31406 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. | 6.1 |
2023-05-09 | CVE-2023-31407 | Unspecified vulnerability in SAP Business Planning and Consolidation 740/750 SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. | 5.4 |
2023-05-09 | CVE-2023-32112 | Unspecified vulnerability in SAP S4Core and Vendor Master Hierarchy Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. | 5.5 |