Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-12 CVE-2022-35170 Unspecified vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack.
network
low complexity
sap
6.1
2022-07-12 CVE-2022-35171 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
5.5
2022-07-12 CVE-2022-35172 Unspecified vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2022-07-12 CVE-2022-35224 Unspecified vulnerability in SAP Enterprise Portal
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2022-07-12 CVE-2022-35225 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack.
network
low complexity
sap CWE-79
6.1
2022-07-12 CVE-2022-35227 Unspecified vulnerability in SAP Netweaver Enterprise Portal
A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack.
network
low complexity
sap
6.1
2022-06-14 CVE-2022-32240 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
5.5
2022-06-14 CVE-2022-32241 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
5.5
2022-06-14 CVE-2022-32242 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
5.5
2022-06-14 CVE-2022-32243 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
local
low complexity
sap
5.5