Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-39014 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 430
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.
network
low complexity
sap
5.3
2022-09-13 CVE-2022-39799 Unspecified vulnerability in SAP Netweaver Application Server Abap
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack.
network
low complexity
sap
6.1
2022-07-12 CVE-2022-29619 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.
network
low complexity
sap
6.5
2022-07-12 CVE-2022-31592 Unspecified vulnerability in SAP Enterprise Extension Defense Forces & Public Security
The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.
network
low complexity
sap
4.3
2022-07-12 CVE-2022-31597 Unspecified vulnerability in SAP S/4Hana and Sapscore
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
network
low complexity
sap
5.4
2022-07-12 CVE-2022-31598 Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation.
network
low complexity
sap CWE-345
5.4
2022-07-12 CVE-2022-32246 Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430
SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend.
network
low complexity
sap
4.6
2022-07-12 CVE-2022-32247 Unspecified vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network.
network
low complexity
sap
6.1
2022-07-12 CVE-2022-32248 Unspecified vulnerability in SAP S/4Hana
Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database.
network
low complexity
sap
5.3
2022-07-12 CVE-2022-35169 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application.
network
low complexity
sap
6.0