Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-08 CVE-2022-41259 Unspecified vulnerability in SAP SQL Anywhere 17.0
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor.
network
low complexity
sap
6.5
2022-11-08 CVE-2022-41260 Cross-site Scripting vulnerability in SAP Financial Consolidation 1010
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request.
network
low complexity
sap CWE-79
6.1
2022-10-11 CVE-2022-35226 Unspecified vulnerability in SAP Data Services 4.2/4.3
SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability.
network
low complexity
sap
6.1
2022-10-11 CVE-2022-35296 Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420/430
Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality.
network
low complexity
sap CWE-200
4.9
2022-10-11 CVE-2022-35297 Unspecified vulnerability in SAP Enable NOW 10
The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability.
network
low complexity
sap
5.4
2022-10-11 CVE-2022-39015 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
6.5
2022-10-11 CVE-2022-39800 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network.
network
low complexity
sap
6.1
2022-10-11 CVE-2022-39807 Unspecified vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
5.5
2022-10-11 CVE-2022-41166 Unspecified vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
5.5
2022-10-11 CVE-2022-41169 Unspecified vulnerability in SAP 3D Visual Enterprise Author 9.0
Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
5.5