Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-14 | CVE-2021-33679 | Cross-site Scripting vulnerability in SAP BusinessObjects Business Intelligence Platform 420. The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. | 5.4 |
2021-09-14 | CVE-2021-33685 | Path Traversal vulnerability in SAP Business One 10.0. SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. | 6.5 |
2021-09-14 | CVE-2021-33686 | Unspecified vulnerability in SAP Business One 10.0. Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree. | 5.3 |
2021-09-14 | CVE-2021-33688 | SQL Injection vulnerability in SAP Business One 10.0. SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. | 4.3 |
2021-09-14 | CVE-2021-37532 | Path Traversal vulnerability in SAP Business One 10.0. SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User. | 4.3 |
2021-09-14 | CVE-2021-38150 | Cleartext Storage of Sensitive Information vulnerability in SAP Business Client 7.0/7.70. When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. | 6.5 |
2021-09-14 | CVE-2021-38164 | Missing Authorization vulnerability in SAP ERP Financial Accounting. SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. | 5.4 |
2021-09-14 | CVE-2021-38174 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9. When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 6.5 |
2021-09-14 | CVE-2021-38175 | Unspecified vulnerability in SAP Analysis for Microsoft Office 2.8. SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. | 6.5 |
2021-08-10 | CVE-2021-33699 | Unspecified vulnerability in SAP Fiori Client 3.2. Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. | 6.5 |