Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-27615 Cross-site Scripting vulnerability in SAP Manufacturing Execution
SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response.
network
low complexity
sap CWE-79
5.4
2021-06-09 CVE-2021-27620 Unspecified vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap
5.9
2021-06-09 CVE-2021-27621 Unspecified vulnerability in SAP Netweaver Application Server for Java
Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name.
network
low complexity
sap
4.9
2021-06-09 CVE-2021-27622 Unspecified vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap
5.9
2021-06-09 CVE-2021-27623 Unspecified vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap
5.9
2021-06-09 CVE-2021-27624 Unspecified vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap
5.9
2021-06-09 CVE-2021-27625 Unspecified vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method IgsData::freeMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap
5.9
2021-06-09 CVE-2021-27626 Unspecified vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap
5.9
2021-06-09 CVE-2021-27627 Unspecified vulnerability in SAP Netweaver AS Internet Graphics Server
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable.
network
high complexity
sap
5.9
2021-06-09 CVE-2021-27634 Unspecified vulnerability in SAP Netweaver Abap
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable.
network
high complexity
sap
5.9