Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-15 | CVE-2021-33697 | Improper Privilege Management vulnerability in SAP BusinessObjects Business Intelligence 420/430. Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | 6.1 |
2021-09-14 | CVE-2021-21489 | Cross-site Scripting vulnerability in SAP NetWeaver Enterprise Portal. SAP NetWeaver Enterprise Portal, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-related data, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. | 4.8 |
2021-09-14 | CVE-2021-33673 | Cross-site Scripting vulnerability in SAP Contact Center 700. Under certain conditions, SAP Contact Center, version 700, does not sufficiently encode user-controlled inputs and persists them. | 6.1 |
2021-09-14 | CVE-2021-33674 | Cross-site Scripting vulnerability in SAP Contact Center 700. Under certain conditions, SAP Contact Center, version 700, does not sufficiently encode user-controlled inputs. | 6.1 |
2021-09-14 | CVE-2021-33675 | Cross-site Scripting vulnerability in SAP Contact Center 700. Under certain conditions, SAP Contact Center, version 700, does not sufficiently encode user-controlled inputs. | 6.1 |
2021-09-14 | CVE-2021-33679 | Cross-site Scripting vulnerability in SAP BusinessObjects Business Intelligence Platform 420. The SAP BusinessObjects BI Platform, version 420, allows an attacker who has basic access to the application to inject a malicious script while creating a new module document, file, or folder. | 5.4 |
2021-09-14 | CVE-2021-33685 | Path Traversal vulnerability in SAP Business One 10.0. SAP Business One, version 10.0, allows a low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. | 6.5 |
2021-09-14 | CVE-2021-33686 | Unspecified vulnerability in SAP Business One 10.0. Under certain conditions, SAP Business One, version 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but the attacker does not have control over kind or degree. | 5.3 |
2021-09-14 | CVE-2021-33688 | SQL Injection vulnerability in SAP Business One 10.0. SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. | 4.3 |
2021-09-14 | CVE-2021-37532 | Path Traversal vulnerability in SAP Business One 10.0. SAP Business One, version 10, due to improper input validation, allows an authenticated user to gain access to a directory and view the contents of the index in the directory, which would otherwise be restricted to a high-privileged user. | 4.3 |