Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-12 CVE-2022-41261 Unspecified vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files.
local
low complexity
sap
5.5
2022-12-12 CVE-2022-41262 Unspecified vulnerability in SAP Netweaver Application Server Java 7.50
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header.
network
low complexity
sap
6.1
2022-12-12 CVE-2022-41263 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted.
network
low complexity
sap
4.3
2022-12-12 CVE-2022-31596 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 430
Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted.
network
low complexity
sap
6.0
2022-11-08 CVE-2022-41205 Unspecified vulnerability in SAP GUI 7.70
SAP GUI allows an authenticated attacker to execute scripts in the local network.
local
low complexity
sap
6.1
2022-11-08 CVE-2022-41207 Unspecified vulnerability in SAP Biller Direct 635/750
SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL.
network
low complexity
sap
6.1
2022-11-08 CVE-2022-41208 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session.
network
low complexity
sap CWE-79
5.4
2022-11-08 CVE-2022-41212 Unspecified vulnerability in SAP Netweaver Application Server Abap
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted.
network
low complexity
sap
4.9
2022-11-08 CVE-2022-41215 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap
4.7
2022-11-08 CVE-2022-41258 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console.
network
low complexity
sap CWE-79
6.5