Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-12 | CVE-2022-22541 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. | 4.0 |
| 2022-04-12 | CVE-2022-26105 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. | 4.3 |
| 2022-04-12 | CVE-2022-26106 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
| 2022-04-12 | CVE-2022-26107 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
| 2022-04-12 | CVE-2022-26108 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
| 2022-04-12 | CVE-2022-26109 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
| 2022-04-12 | CVE-2022-27654 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
| 2022-04-12 | CVE-2022-27655 | Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 4.3 |
| 2022-04-12 | CVE-2022-27667 | Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 430 Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 4.3 |
| 2022-04-12 | CVE-2022-27669 | Missing Authorization vulnerability in SAP Netweaver Application Server for Java 7.50 An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. | 5.0 |