Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-41207 Unspecified vulnerability in SAP Biller Direct 635/750
SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL.
network
low complexity
sap
6.1
2022-11-08 CVE-2022-41208 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session.
network
low complexity
sap CWE-79
5.4
2022-11-08 CVE-2022-41212 Unspecified vulnerability in SAP Netweaver Application Server Abap
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted.
network
low complexity
sap
4.9
2022-11-08 CVE-2022-41215 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap
4.7
2022-11-08 CVE-2022-41258 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console.
network
low complexity
sap CWE-79
6.5
2022-11-08 CVE-2022-41259 Unspecified vulnerability in SAP SQL Anywhere 17.0
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.
network
low complexity
sap
6.5
2022-11-08 CVE-2022-41260 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request.
network
low complexity
sap CWE-79
6.1
2022-10-11 CVE-2022-35226 Unspecified vulnerability in SAP Data Services 4.2/4.3
SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability.
network
low complexity
sap
6.1
2022-10-11 CVE-2022-35296 Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430
Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.
network
low complexity
sap CWE-200
4.9
2022-10-11 CVE-2022-35297 Unspecified vulnerability in SAP Enable NOW 10
The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.
network
low complexity
sap
5.4