Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-11 CVE-2021-27611 Code Injection vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system.
local
low complexity
sap CWE-94
6.7
2021-05-11 CVE-2021-27612 Open Redirect vulnerability in SAP GUI for Windows 7.60/7.70
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
network
low complexity
sap CWE-601
6.1
2021-05-11 CVE-2021-27617 Improper Input Validation vulnerability in SAP Netweaver Process Integration
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source.
network
low complexity
sap CWE-20
4.9
2021-05-11 CVE-2021-27618 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Process Integration
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source.
network
low complexity
sap CWE-434
4.9
2021-05-11 CVE-2021-27619 Unspecified vulnerability in SAP Commerce
SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them.
network
low complexity
sap
6.5
2021-04-14 CVE-2021-27604 XXE vulnerability in SAP Netweaver Process Integration
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.
network
low complexity
sap CWE-611
6.5
2021-04-14 CVE-2021-27599 Unspecified vulnerability in SAP Netweaver Process Integration
SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.
network
low complexity
sap
6.5
2021-04-13 CVE-2021-27609 Missing Authorization vulnerability in SAP Focused RUN 200/300
SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization.
network
low complexity
sap CWE-862
6.5
2021-04-13 CVE-2021-27605 Missing Authorization vulnerability in SAP Fiori Apps 2.0 for Travel Management in SAP ERP
SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges.
network
low complexity
sap CWE-862
4.3
2021-04-13 CVE-2021-27603 Unspecified vulnerability in SAP Netweaver Application Server Abap 731/740/750
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time.
network
low complexity
sap
6.5