Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-14 CVE-2023-23851 Unspecified vulnerability in SAP Business Planning and Consolidation 200/300
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation.
network
low complexity
sap
5.4
2023-02-14 CVE-2023-23852 Unspecified vulnerability in SAP Solution Manager 720
SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2023-02-14 CVE-2023-23853 Unspecified vulnerability in SAP Netweaver Application Server Abap
An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.
network
low complexity
sap
6.1
2023-02-14 CVE-2023-23854 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap
5.4
2023-02-14 CVE-2023-23855 Unspecified vulnerability in SAP Solution Manager 720
SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap
5.4
2023-02-14 CVE-2023-23856 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430
In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response.
network
low complexity
sap
5.4
2023-02-14 CVE-2023-23858 Unspecified vulnerability in SAP Netweaver Application Server Abap
Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data.
network
low complexity
sap
6.1
2023-02-14 CVE-2023-23859 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information.
network
low complexity
sap
6.1
2023-02-14 CVE-2023-23860 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.
network
low complexity
sap
6.1
2023-02-14 CVE-2023-24521 Unspecified vulnerability in SAP Netweaver AS Abap Business Server Pages
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data.
network
low complexity
sap
6.1