Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-11 CVE-2022-41210 Unspecified vulnerability in SAP Customer Data Cloud 7.4
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers.
low complexity
sap
5.2
2022-09-13 CVE-2022-32244 Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430
Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable.
low complexity
sap
5.2
2022-09-13 CVE-2022-35294 Unspecified vulnerability in SAP Netweaver Application Server Abap
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack.
network
low complexity
sap
5.4
2022-09-13 CVE-2022-35295 Unspecified vulnerability in SAP Host Agent 7.22
In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.
network
low complexity
sap
4.9
2022-09-13 CVE-2022-35298 Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.50
SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.
network
low complexity
sap
6.1
2022-09-13 CVE-2022-39014 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 430
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.
network
low complexity
sap
5.3
2022-09-13 CVE-2022-39799 Unspecified vulnerability in SAP Netweaver Application Server Abap
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack.
network
low complexity
sap
6.1
2022-07-12 CVE-2022-29619 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.
network
low complexity
sap
6.5
2022-07-12 CVE-2022-31592 Unspecified vulnerability in SAP Enterprise Extension Defense Forces & Public Security
The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.
network
low complexity
sap
4.3
2022-07-12 CVE-2022-31597 Unspecified vulnerability in SAP S/4Hana and Sapscore
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
network
low complexity
sap
5.4