Vulnerabilities > SAP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-11 | CVE-2021-27613 | Unspecified vulnerability in SAP Chef Business-One-Cookbook 0.1.9: Under certain conditions, SAP Business One Chef cookbook, versions 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability. | 4.6 |
2021-05-11 | CVE-2021-27617 | Resource Exhaustion vulnerability in SAP Netweaver Process Integration: The Integration Builder Framework of SAP Process Integration, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from a local source. | 4.0 |
2021-05-11 | CVE-2021-27618 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Process Integration: The Integration Builder Framework of SAP Process Integration, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of a file uploaded from a local source. | 4.0 |
2021-05-11 | CVE-2021-27619 | Unspecified vulnerability in SAP Commerce: SAP Commerce (Backoffice Search), versions 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. | 4.0 |
2021-04-14 | CVE-2021-27604 | XXE vulnerability in SAP Netweaver Process Integration: In order to prevent an XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends referring to this note. | 4.0 |
2021-04-14 | CVE-2021-27599 | Information Exposure vulnerability in SAP Netweaver Process Integration: SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted. | 4.0 |
2021-04-13 | CVE-2021-27605 | Missing Authorization vulnerability in SAP ERP: SAP's HCM Travel Management Fiori Apps V2, version 608, does not perform a proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. | 4.0 |
2021-04-13 | CVE-2021-27603 | Unspecified vulnerability in SAP Netweaver Application Server Abap 731/740/750: An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions 731, 740, 750, allows a work process to be kept busy for any length of time. | 6.5 |
2021-04-13 | CVE-2021-27598 | Missing Authorization vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50: SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. | 5.3 |
2021-04-13 | CVE-2021-21485 | Unspecified vulnerability in SAP Netweaver Application Server Java: An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user. | 4.3 |