Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-08 | CVE-2023-37484 | Unspecified vulnerability in SAP Powerdesigner 16.7 SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory. | 5.3 |
| 2023-08-08 | CVE-2023-37487 | Unspecified vulnerability in SAP Business ONE 10.0 SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application | 5.3 |
| 2023-08-08 | CVE-2023-37488 | Unspecified vulnerability in SAP Netweaver Process Integration 7.50 In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. | 6.1 |
| 2023-08-08 | CVE-2023-37492 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 6.5 |
| 2023-08-08 | CVE-2023-39436 | Unspecified vulnerability in SAP Supplier Relationship Management SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM. | 5.8 |
| 2023-08-08 | CVE-2023-39437 | Unspecified vulnerability in SAP Business ONE 10.0 SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. | 5.4 |
| 2023-08-08 | CVE-2023-39440 | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420 In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. | 4.4 |
| 2023-07-11 | CVE-2023-31405 | Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50 SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. | 5.3 |
| 2023-07-11 | CVE-2023-33988 | Unspecified vulnerability in SAP Enable NOW In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information. | 6.1 |
| 2023-07-11 | CVE-2023-33992 | Unspecified vulnerability in SAP Business Warehouse and Bw/4Hana The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. | 6.5 |