Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-38150 Cleartext Storage of Sensitive Information vulnerability in SAP Business Client 7.0/7.70
When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions 7.0 and 7.70 allow the attacker to read extremely sensitive data, such as credentials.
network
low complexity
sap CWE-312
6.5
2021-09-14 CVE-2021-38164 Missing Authorization vulnerability in SAP ERP Financial Accounting
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users.
network
low complexity
sap CWE-862
5.4
2021-09-14 CVE-2021-38174 Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9
When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until the application is restarted.
network
low complexity
sap
6.5
2021-09-14 CVE-2021-38175 Unspecified vulnerability in SAP Analysis for Microsoft Office 2.8
SAP Analysis for Microsoft Office, version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction.
network
low complexity
sap
6.5
2021-08-10 CVE-2021-33699 Unspecified vulnerability in SAP Fiori Client 3.2
Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features.
low complexity
sap
6.5
2021-08-10 CVE-2021-33702 Unspecified vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data.
network
low complexity
sap
6.1
2021-08-10 CVE-2021-33703 Unspecified vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters.
network
low complexity
sap
6.1
2021-08-10 CVE-2021-33706 Improper Input Validation vulnerability in SAP Infrabox
Due to improper input validation in InfraBox, logs can be modified by an authenticated user.
network
low complexity
sap CWE-20
4.3
2021-08-10 CVE-2021-33707 Unspecified vulnerability in SAP Netweaver Knowledge Management
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component.
network
low complexity
sap
6.1
2021-08-09 CVE-2015-7731 Information Exposure vulnerability in SAP Mobile Platform 3.0
SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830.
local
low complexity
sap CWE-200
5.5