Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-27601 Cross-site Scripting vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server.
network
low complexity
sap CWE-79
5.4
2021-04-13 CVE-2021-27600 Cross-site Scripting vulnerability in SAP Manufacturing Execution
SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution (System Rules) tab does not sufficiently encode some parameters, resulting in Stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2021-04-13 CVE-2021-27598 Missing Authorization vulnerability in SAP Netweaver Application Server Java 7.31/7.40/7.50
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc.
network
low complexity
sap CWE-862
5.3
2021-04-13 CVE-2021-21492 Authentication Bypass by Spoofing vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled.
network
low complexity
sap CWE-290
4.3
2021-04-13 CVE-2021-21485 Unspecified vulnerability in SAP Netweaver Application Server Java
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.
network
low complexity
sap
6.5
2021-04-13 CVE-2021-21483 Unspecified vulnerability in SAP Solution Manager 7.20
Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application.
network
low complexity
sap
4.9
2021-03-10 CVE-2021-21491 Open Redirect vulnerability in SAP Netweaver Application Server Java
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
network
low complexity
sap CWE-601
6.1
2021-03-09 CVE-2021-21488 Deserialization of Untrusted Data vulnerability in SAP Netweaver Knowledge Management
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.
network
low complexity
sap CWE-502
6.5
2021-02-09 CVE-2021-21478 Open Redirect vulnerability in SAP web Dynpro Abap
SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
network
low complexity
sap CWE-601
6.1
2021-02-09 CVE-2021-21476 Open Redirect vulnerability in SAP UI5
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
network
low complexity
sap CWE-601
6.1