Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-10 | CVE-2021-33702 | Unspecified vulnerability in SAP Netweaver Enterprise Portal. Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. | 6.1 |
2021-08-10 | CVE-2021-33703 | Unspecified vulnerability in SAP Netweaver Enterprise Portal. Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. | 6.1 |
2021-08-10 | CVE-2021-33706 | Improper Input Validation vulnerability in SAP Infrabox. Due to improper input validation in InfraBox, logs can be modified by an authenticated user. | 4.3 |
2021-08-10 | CVE-2021-33707 | Unspecified vulnerability in SAP Netweaver Knowledge Management. SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. | 6.1 |
2021-08-09 | CVE-2015-7731 | Information Exposure vulnerability in SAP Mobile Platform 3.0. SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. | 5.5 |
2021-08-09 | CVE-2018-17861 | Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01. A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. | 6.1 |
2021-08-09 | CVE-2018-17862 | Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01. A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. | 6.1 |
2021-08-09 | CVE-2018-17865 | Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01. A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. | 6.1 |
2021-07-14 | CVE-2021-33667 | Unspecified vulnerability in SAP Businessobjects web Intelligence 420/430. Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted. | 4.3 |
2021-07-14 | CVE-2021-33678 | Unspecified vulnerability in SAP Netweaver Application Server Abap. A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. | 6.5 |