Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-08 | CVE-2022-41205 | Code Injection vulnerability in SAP GUI 7.70: SAP GUI allows an authenticated attacker to execute scripts in the local network. | 6.1 |
2022-11-08 | CVE-2022-41207 | Open Redirect vulnerability in SAP Biller Direct 635/750: SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. | 6.1 |
2022-11-08 | CVE-2022-41208 | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010: Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter the current user session. | 5.4 |
2022-11-08 | CVE-2022-41212 | Path Traversal vulnerability in SAP NetWeaver Application Server ABAP: Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. | 4.9 |
2022-11-08 | CVE-2022-41215 | Open Redirect vulnerability in SAP NetWeaver Application Server ABAP: SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. | 4.7 |
2022-11-08 | CVE-2022-41258 | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010: Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. | 6.5 |
2022-11-08 | CVE-2022-41259 | Unspecified vulnerability in SAP SQL Anywhere 17.0: SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | 6.5 |
2022-11-08 | CVE-2022-41260 | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010: SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. | 6.1 |
2022-10-11 | CVE-2022-35226 | Cross-site Scripting vulnerability in SAP Data Services 4.2/4.3: SAP Data Services Management allows an attacker to copy the data from a request and echo it into the application's immediate response, which will lead to a Cross-Site Scripting vulnerability. | 6.1 |
2022-10-11 | CVE-2022-35296 | Information Exposure vulnerability in SAP BusinessObjects Business Intelligence 420/430: Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. | 4.9 |