Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-10 CVE-2023-0013 Unspecified vulnerability in SAP Netweaver Application Server Abap
The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2022-12-13 CVE-2022-41273 Unspecified vulnerability in SAP Contract Lifecycle Manager and Sourcing
Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website.
network
low complexity
sap
6.1
2022-12-13 CVE-2022-41274 Unspecified vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data.
network
low complexity
sap
6.5
2022-12-13 CVE-2022-41275 Open Redirect vulnerability in SAP Solution Manager 740/750
In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.
network
low complexity
sap CWE-601
6.1
2022-12-13 CVE-2022-41266 Unspecified vulnerability in SAP Commerce Webservices 2.0
Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack.
network
low complexity
sap
6.1
2022-12-12 CVE-2022-41261 Unspecified vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files.
local
low complexity
sap
5.5
2022-12-12 CVE-2022-41262 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header.
network
low complexity
sap
6.1
2022-12-12 CVE-2022-41263 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted.
network
low complexity
sap
4.3
2022-12-12 CVE-2022-31596 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted.
network
low complexity
sap
6.0
2022-11-08 CVE-2022-41205 Unspecified vulnerability in SAP GUI 7.70
SAP GUI allows an authenticated attacker to execute scripts in the local network.
local
low complexity
sap
6.1