Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2021-33697 Improper Privilege Management vulnerability in SAP BusinessObjects Business Intelligence 420/430
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
network
low complexity
sap CWE-269
6.1
2021-09-14 CVE-2021-21489 Cross-site Scripting vulnerability in SAP NetWeaver Enterprise Portal
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
4.8
2021-09-14 CVE-2021-33673 Cross-site Scripting vulnerability in SAP Contact Center 700
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs and persists them.
network
low complexity
sap CWE-79
6.1
2021-09-14 CVE-2021-33674 Cross-site Scripting vulnerability in SAP Contact Center 700
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs.
network
low complexity
sap CWE-79
6.1
2021-09-14 CVE-2021-33675 Cross-site Scripting vulnerability in SAP Contact Center 700
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs.
network
low complexity
sap CWE-79
6.1
2021-09-14 CVE-2021-33679 Cross-site Scripting vulnerability in SAP BusinessObjects Business Intelligence Platform 420
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder.
network
low complexity
sap CWE-79
5.4
2021-09-14 CVE-2021-33685 Path Traversal vulnerability in SAP Business One 10.0
SAP Business One version - 10.0 allows a low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory.
network
low complexity
sap CWE-22
6.5
2021-09-14 CVE-2021-33686 Unspecified vulnerability in SAP Business One 10.0
Under certain conditions, SAP Business One version - 10.0 allows an unauthorized attacker to get access to some encrypted sensitive information, but the attacker does not have control over its kind or degree.
network
low complexity
sap
5.3
2021-09-14 CVE-2021-33688 SQL Injection vulnerability in SAP Business One 10.0
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database.
network
low complexity
sap CWE-89
4.3
2021-09-14 CVE-2021-37532 Path Traversal vulnerability in SAP Business One 10.0
SAP Business One version - 10, due to improper input validation, allows an authenticated user to gain access to a directory and view the contents of the index in the directory, which would otherwise be restricted to a high-privileged user.
network
low complexity
sap CWE-22
4.3