Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-27611 | Code Injection vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. | 6.7 |
| 2021-05-11 | CVE-2021-27612 | Open Redirect vulnerability in SAP GUI for Windows 7.60/7.70 In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim. | 6.1 |
| 2021-05-11 | CVE-2021-27617 | Improper Input Validation vulnerability in SAP Netweaver Process Integration The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. | 4.9 |
| 2021-05-11 | CVE-2021-27618 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Process Integration The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. | 4.9 |
| 2021-05-11 | CVE-2021-27619 | Unspecified vulnerability in SAP Commerce SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. | 6.5 |
| 2021-04-14 | CVE-2021-27604 | XXE vulnerability in SAP Netweaver Process Integration In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note. | 6.5 |
| 2021-04-14 | CVE-2021-27599 | Unspecified vulnerability in SAP Netweaver Process Integration SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted. | 6.5 |
| 2021-04-13 | CVE-2021-27609 | Missing Authorization vulnerability in SAP Focused RUN 200/300 SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization. | 6.5 |
| 2021-04-13 | CVE-2021-27605 | Missing Authorization vulnerability in SAP Fiori Apps 2.0 for Travel Management in SAP ERP SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. | 4.3 |
| 2021-04-13 | CVE-2021-27603 | Unspecified vulnerability in SAP Netweaver Application Server Abap 731/740/750 An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. | 6.5 |