Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-33988 Unspecified vulnerability in SAP Enable NOW
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information.
network
low complexity
sap
6.1
2023-07-11 CVE-2023-33992 Unspecified vulnerability in SAP Business Warehouse and Bw/4Hana
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response.
network
low complexity
sap
6.5
2023-07-11 CVE-2023-35872 Unspecified vulnerability in SAP Netweaver Process Integration 7.50
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity.
network
low complexity
sap
6.5
2023-07-11 CVE-2023-35873 Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration 7.50
The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity.
network
low complexity
sap CWE-306
6.5
2023-07-11 CVE-2023-36918 Unspecified vulnerability in SAP Enable NOW
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.
network
low complexity
sap
6.1
2023-07-11 CVE-2023-36919 Unspecified vulnerability in SAP Enable NOW
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.
network
low complexity
sap
5.3
2023-07-11 CVE-2023-36924 Unspecified vulnerability in SAP ERP Defense Forces and Public Security
While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file.
network
low complexity
sap
4.9
2023-06-13 CVE-2023-2827 Unspecified vulnerability in SAP Digital Manufacturing and Plant Connectivity
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing.
low complexity
sap
5.7
2023-06-13 CVE-2023-32115 Unspecified vulnerability in SAP Master Data Synchronization
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.
local
low complexity
sap
6.1
2023-06-13 CVE-2023-33984 Unspecified vulnerability in SAP Netweaver 7.50
SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message.
network
low complexity
sap
5.4