Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-14 | CVE-2023-25615 | Unspecified vulnerability in SAP Abap Platform Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. | 4.9 |
| 2023-03-14 | CVE-2023-25618 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. | 6.5 |
| 2023-03-14 | CVE-2023-26457 | Unspecified vulnerability in SAP Content Server 7.53 SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2023-03-14 | CVE-2023-26460 | Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50 Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity | 5.3 |
| 2023-03-14 | CVE-2023-26461 | Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.50 SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. | 4.9 |
| 2023-03-14 | CVE-2023-27268 | Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50 SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges. | 5.3 |
| 2023-03-14 | CVE-2023-27270 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. | 6.5 |
| 2023-02-14 | CVE-2023-0019 | Unspecified vulnerability in SAP GRC Process Control In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. | 6.5 |
| 2023-02-14 | CVE-2023-0024 | Unspecified vulnerability in SAP Solution Manager 720 SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability. | 5.4 |
| 2023-02-14 | CVE-2023-0025 | Unspecified vulnerability in SAP Solution Manager 720 SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources. | 5.4 |