Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-26107 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Risk: network, low complexity, sap, 6.5

2022-04-12 CVE-2022-26108 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Risk: network, low complexity, sap, 6.5

2022-04-12 CVE-2022-26109 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Risk: network, low complexity, sap, 6.5

2022-04-12 CVE-2022-27654 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Risk: network, low complexity, sap, 6.5

2022-04-12 CVE-2022-27655 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
Risk: network, low complexity, sap, 6.5

2022-04-12 CVE-2022-27670 Unspecified vulnerability in SAP SQL Anywhere 17.0
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.
Risk: network, low complexity, sap, 6.5

2022-04-12 CVE-2022-27671 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430
A CSRF token visible in the URL may possibly lead to an information disclosure vulnerability.
Risk: network, low complexity, sap, 6.5

2022-04-12 CVE-2022-28215 Unspecified vulnerability in SAP Netweaver Abap 740/750/787
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation.
Risk: network, low complexity, sap, 4.7

2022-04-12 CVE-2022-28216 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420
SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network.
Risk: network, low complexity, sap, CWE-79, 6.1

2022-04-12 CVE-2022-28770 Unspecified vulnerability in SAP Sapui5 Library
Due to insufficient input validation, SAPUI5 library (vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code.
Risk: network, low complexity, sap, 6.1