Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-14 CVE-2023-27268 Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50
SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges.
network
low complexity
sap
5.3
2023-03-14 CVE-2023-27270 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable.
network
low complexity
sap
6.5
2023-02-14 CVE-2023-0019 Unspecified vulnerability in SAP GRC Process Control
In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database.
network
low complexity
sap
6.5
2023-02-14 CVE-2023-0024 Unspecified vulnerability in SAP Solution Manager 720
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.
network
low complexity
sap
5.4
2023-02-14 CVE-2023-0025 Unspecified vulnerability in SAP Solution Manager 720
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources.
network
low complexity
sap
5.4
2023-02-14 CVE-2023-23851 Unspecified vulnerability in SAP Business Planning and Consolidation 200/300
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation.
network
low complexity
sap
5.4
2023-02-14 CVE-2023-23852 Unspecified vulnerability in SAP Solution Manager 720
SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2023-02-14 CVE-2023-23853 Unspecified vulnerability in SAP Netweaver Application Server Abap
An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.
network
low complexity
sap
6.1
2023-02-14 CVE-2023-23854 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap
5.4
2023-02-14 CVE-2023-23855 Unspecified vulnerability in SAP Solution Manager 720
SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap
5.4