Vulnerabilities > SAP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-11 | CVE-2023-36919 | Intentional Information Exposure vulnerability in SAP Enable NOW In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure. | 5.3 |
| 2023-07-11 | CVE-2023-36924 | Improper Output Neutralization for Logs vulnerability in SAP ERP Defense Forces and Public Security While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. | 4.9 |
| 2023-06-13 | CVE-2023-2827 | Missing Authentication for Critical Function vulnerability in SAP Digital Manufacturing and Plant Connectivity SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. | 5.7 |
| 2023-06-13 | CVE-2023-32115 | SQL Injection vulnerability in SAP Master Data Synchronization An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system. | 6.1 |
| 2023-06-13 | CVE-2023-33984 | Cross-site Scripting vulnerability in SAP Netweaver 7.50 SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message. | 5.4 |
| 2023-06-13 | CVE-2023-33985 | Cross-site Scripting vulnerability in SAP Netweaver 7.50 SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. | 6.1 |
| 2023-06-13 | CVE-2023-33986 | Cross-site Scripting vulnerability in SAP Customer Relationship Management Abap 430 SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2023-05-09 | CVE-2023-30741 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence 420/430 Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. | 6.1 |
| 2023-05-09 | CVE-2023-30742 | Cross-site Scripting vulnerability in SAP products SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. | 6.1 |
| 2023-05-09 | CVE-2023-30743 | Cross-site Scripting vulnerability in SAP Sapui5 Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. | 6.1 |