Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-12 | CVE-2022-31598 | Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420 Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. | 5.4 |
| 2022-07-12 | CVE-2022-32246 | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. | 4.6 |
| 2022-07-12 | CVE-2022-32247 | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. | 6.1 |
| 2022-07-12 | CVE-2022-32248 | Unspecified vulnerability in SAP S/4Hana Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. | 5.3 |
| 2022-07-12 | CVE-2022-35169 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. | 6.0 |
| 2022-07-12 | CVE-2022-35170 | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. | 6.1 |
| 2022-07-12 | CVE-2022-35171 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
| 2022-07-12 | CVE-2022-35172 | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-07-12 | CVE-2022-35224 | Unspecified vulnerability in SAP Enterprise Portal SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-07-12 | CVE-2022-35225 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. | 6.1 |