Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-09 CVE-2018-17861 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol.
network
low complexity
sap CWE-79
6.1
2021-08-09 CVE-2018-17862 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2.
network
low complexity
sap CWE-79
6.1
2021-08-09 CVE-2018-17865 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol.
network
low complexity
sap CWE-79
6.1
2021-07-14 CVE-2021-33667 Unspecified vulnerability in SAP Businessobjects web Intelligence 420/430
Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted.
network
low complexity
sap
4.3
2021-07-14 CVE-2021-33678 Unspecified vulnerability in SAP Netweaver Application Server Abap
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application.
network
low complexity
sap
6.5
2021-07-14 CVE-2021-33680 Classic Buffer Overflow vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the application.
network
low complexity
sap CWE-120
6.5
2021-07-14 CVE-2021-33681 Out-of-bounds Write vulnerability in SAP 3D Visual Enterprise Viewer 9
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application.
network
low complexity
sap CWE-787
6.5
2021-07-14 CVE-2021-33682 Cross-site Scripting vulnerability in SAP Lumira Server 2.4
SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2021-07-14 CVE-2021-33683 HTTP Request Smuggling vulnerability in SAP Internet Communication Manager and web Dispatcher
SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header.
network
low complexity
sap CWE-444
4.3
2021-07-14 CVE-2021-33684 Out-of-bounds Write vulnerability in SAP Netweaver Abap and Netweaver Application Server Abap
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability.
network
low complexity
sap CWE-787
5.3