Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-12 | CVE-2022-27670 | Unspecified vulnerability in SAP SQL Anywhere 17.0 SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers. | 6.5 |
| 2022-04-12 | CVE-2022-27671 | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. | 6.5 |
| 2022-04-12 | CVE-2022-28215 | Unspecified vulnerability in SAP Netweaver Abap 740/750/787 SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. | 4.7 |
| 2022-04-12 | CVE-2022-28216 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 420 SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. | 6.1 |
| 2022-04-12 | CVE-2022-28770 | Unspecified vulnerability in SAP Sapui5 Library Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. | 6.1 |
| 2022-03-10 | CVE-2022-26101 | Unspecified vulnerability in SAP Fiori Launchpad 754/755/756 Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2022-03-10 | CVE-2022-26102 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. | 5.4 |
| 2022-03-10 | CVE-2022-26103 | Unspecified vulnerability in SAP Netweaver Application Server Java 7.50 Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | 5.3 |
| 2022-03-10 | CVE-2022-26104 | Missing Authorization vulnerability in SAP Financial Consolidation 10.1 SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. | 5.3 |
| 2022-03-10 | CVE-2022-24395 | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |