Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-14 | CVE-2022-29612 | Unspecified vulnerability in SAP Host Agent and Netweaver Abap SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. | 4.3 |
| 2022-06-13 | CVE-2022-28217 | Unspecified vulnerability in SAP Netweaver Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s Availability by causing system to crash. | 6.5 |
| 2022-06-06 | CVE-2020-6220 | Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 4.1/4.2 BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 4.7 |
| 2022-06-06 | CVE-2022-29617 | Unspecified vulnerability in SAP Contributor License Agreement Assistant Due to improper error handling an authenticated user can crash CLA assistant instance. | 6.5 |
| 2022-05-11 | CVE-2022-27656 | Unspecified vulnerability in SAP products The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-05-11 | CVE-2022-28774 | Unspecified vulnerability in SAP Host Agent 7.22 Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | 5.5 |
| 2022-05-11 | CVE-2022-29610 | Unspecified vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | 5.4 |
| 2022-05-11 | CVE-2022-29613 | Unspecified vulnerability in SAP Employee Self Service 605 Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. | 4.3 |
| 2022-04-12 | CVE-2022-22541 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. | 6.5 |
| 2022-04-12 | CVE-2022-26105 | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. | 6.1 |