Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-12 | CVE-2022-41261 | Unspecified vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. | 5.5 |
| 2022-12-12 | CVE-2022-41262 | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. | 6.1 |
| 2022-12-12 | CVE-2022-41263 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. | 4.3 |
| 2022-12-12 | CVE-2022-31596 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430 Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. | 6.0 |
| 2022-11-08 | CVE-2022-41205 | Unspecified vulnerability in SAP GUI 7.70 SAP GUI allows an authenticated attacker to execute scripts in the local network. | 6.1 |
| 2022-11-08 | CVE-2022-41207 | Unspecified vulnerability in SAP Biller Direct 635/750 SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. | 6.1 |
| 2022-11-08 | CVE-2022-41208 | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010 Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. | 5.4 |
| 2022-11-08 | CVE-2022-41212 | Unspecified vulnerability in SAP Netweaver Application Server Abap Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. | 4.9 |
| 2022-11-08 | CVE-2022-41215 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. | 4.7 |
| 2022-11-08 | CVE-2022-41258 | Cross-site Scripting vulnerability in SAP Financial Consolidation 1010 Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. | 6.5 |