Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-14 | CVE-2021-38150 | Cleartext Storage of Sensitive Information vulnerability in SAP Business Client 7.0/7.70 When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. | 6.5 |
| 2021-09-14 | CVE-2021-38164 | Missing Authorization vulnerability in SAP ERP Financial Accounting SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. | 5.4 |
| 2021-09-14 | CVE-2021-38174 | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 6.5 |
| 2021-09-14 | CVE-2021-38175 | Unspecified vulnerability in SAP Analysis for Microsoft Office 2.8 SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. | 6.5 |
| 2021-08-10 | CVE-2021-33699 | Unspecified vulnerability in SAP Fiori Client 3.2 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. low complexity sap | 6.5 |
| 2021-08-10 | CVE-2021-33702 | Unspecified vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. | 6.1 |
| 2021-08-10 | CVE-2021-33703 | Unspecified vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. | 6.1 |
| 2021-08-10 | CVE-2021-33706 | Improper Input Validation vulnerability in SAP Infrabox Due to improper input validation in InfraBox, logs can be modified by an authenticated user. | 4.3 |
| 2021-08-10 | CVE-2021-33707 | Unspecified vulnerability in SAP Netweaver Knowledge Management SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. | 6.1 |
| 2021-08-09 | CVE-2015-7731 | Information Exposure vulnerability in SAP Mobile Platform 3.0 SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. | 5.5 |