Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-33005 Missing Authorization vulnerability in SAP products
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions.
local
low complexity
sap CWE-862
6.3
2024-08-13 CVE-2024-41731 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2024-08-13 CVE-2024-41732 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls.
network
low complexity
sap
5.4
2024-08-13 CVE-2024-41733 Unspecified vulnerability in SAP Commerce Comcloud2211/Hycom2205
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes.
network
low complexity
sap
5.3
2024-08-13 CVE-2024-41735 Cross-site Scripting vulnerability in SAP Commerce Backoffice Hycom2205
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application.
network
low complexity
sap CWE-79
5.4
2024-08-13 CVE-2024-41736 Unspecified vulnerability in SAP Permit to Work Uis4Hop1800/Uis4Hop1900
Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.
network
low complexity
sap
4.3
2024-08-13 CVE-2024-41737 Server-Side Request Forgery (SSRF) vulnerability in SAP CRM Abap Insights Management
SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests.
network
low complexity
sap CWE-918
5.0
2024-08-13 CVE-2024-42375 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430/440
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2024-08-13 CVE-2024-42376 Missing Authorization vulnerability in SAP Shared Service Framework
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2024-08-13 CVE-2024-42377 Missing Authorization vulnerability in SAP Shared Service Framework
SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application
network
low complexity
sap CWE-862
4.3