Vulnerabilities > SAP > Medium

Each entry lists DATE, CVE and VULNERABILITY TITLE on the first line, followed by the description and a line giving the attack vector, attack complexity, vendor (and CWE where recorded) and RISK score.
2023-02-14 CVE-2023-25614 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 - allows an unauthenticated attacker to inject code that can be executed by the application over the network.
Attack vector: network | Complexity: low | Vendor: sap | Risk score: 6.1
2023-01-10 CVE-2023-0015 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420
In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420 - some calls return JSON with the wrong content type in the response header.
Attack vector: network | Complexity: low | Vendor: sap | Risk score: 5.4
2023-01-10 CVE-2023-0018 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
Due to improper input sanitization of user-controlled input in the SAP BusinessObjects Business Intelligence Platform CMC application - versions 420 and 430 - an attacker with basic user-level privileges can modify or upload Crystal Reports containing a malicious payload.
Attack vector: network | Complexity: low | Vendor: sap | Risk score: 6.1
2023-01-10 CVE-2023-0023 Unspecified vulnerability in SAP Bank Account Management 800/900
In the SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL.
Attack vector: network | Complexity: low | Vendor: sap | Risk score: 5.7
2023-01-10 CVE-2023-0012 Unspecified vulnerability in SAP Host Agent 7.21/7.22
In SAP Host Agent (Windows) - versions 7.21 and 7.22 - an attacker who gains local membership in SAP_LocalAdmin could replace executables with a malicious file that will be started under a privileged account.
Attack vector: local | Complexity: low | Vendor: sap | Risk score: 6.7
2023-01-10 CVE-2023-0013 Unspecified vulnerability in SAP Netweaver Application Server Abap
The ABAP Keyword Documentation of SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 - does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
Attack vector: network | Complexity: low | Vendor: sap | Risk score: 6.1
2022-12-13 CVE-2022-41273 Unspecified vulnerability in SAP Contract Lifecycle Manager and Sourcing
Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100 - an attacker can redirect a user to a malicious website.
Attack vector: network | Complexity: low | Vendor: sap | Risk score: 6.1
2022-12-13 CVE-2022-41274 Unspecified vulnerability in SAP Disclosure Management 10.1
SAP Disclosure Management - version 10.1 - allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data.
Attack vector: network | Complexity: low | Vendor: sap | Risk score: 6.5
2022-12-13 CVE-2022-41275 Open Redirect vulnerability in SAP Solution Manager 740/750
In SAP Solution Manager (Enterprise Search) - versions 740 and 750 - an unauthenticated attacker can generate a link that, if clicked by a logged-in user, redirects to a malicious page that could read or modify sensitive information or expose the user to a phishing attack, with little impact on confidentiality and integrity.
Attack vector: network | Complexity: low | Vendor: sap | CWE: CWE-601 | Risk score: 6.1
2022-12-13 CVE-2022-41266 Unspecified vulnerability in SAP Commerce Webservices 2.0
Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205 - accepts malicious inputs from untrusted sources, which an attacker can leverage to execute a DOM-based Cross-Site Scripting (XSS) attack.
Attack vector: network | Complexity: low | Vendor: sap | Risk score: 6.1