Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-13 | CVE-2024-33005 | Missing Authorization vulnerability in SAP products Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. | 6.3 |
2024-08-13 | CVE-2024-41731 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420 SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. | 4.3 |
2024-08-13 | CVE-2024-41732 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. | 5.4 |
2024-08-13 | CVE-2024-41733 | Unspecified vulnerability in SAP Commerce Comcloud2211/Hycom2205 In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. | 5.3 |
2024-08-13 | CVE-2024-41735 | Cross-site Scripting vulnerability in SAP Commerce Backoffice Hycom2205 SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. | 5.4 |
2024-08-13 | CVE-2024-41736 | Unspecified vulnerability in SAP Permit to Work Uis4Hop1800/Uis4Hop1900 Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. | 4.3 |
2024-08-13 | CVE-2024-41737 | Server-Side Request Forgery (SSRF) vulnerability in SAP CRM Abap Insights Management SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. | 5.0 |
2024-08-13 | CVE-2024-42375 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430/440 SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. | 4.3 |
2024-08-13 | CVE-2024-42376 | Missing Authorization vulnerability in SAP Shared Service Framework SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. | 6.5 |
2024-08-13 | CVE-2024-42377 | Missing Authorization vulnerability in SAP Shared Service Framework SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application | 4.3 |