VYPR

Business Connector

by SAP

CVEs (7)

  • CVE-2006-0731Feb 16, 2006
    risk 0.03cvss epss 0.03

    WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.

  • CVE-2026-0514Jan 13, 2026
    risk 0.00cvss epss 0.00

    Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow…

  • CVE-2025-42894Nov 11, 2025
    risk 0.00cvss epss 0.00

    Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary…

  • CVE-2025-42893Nov 11, 2025
    risk 0.00cvss epss 0.00

    Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the…

  • CVE-2025-42892Nov 11, 2025
    risk 0.00cvss epss 0.01

    Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of…

  • CVE-2025-42886Nov 11, 2025
    risk 0.00cvss epss 0.00

    Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page…

  • CVE-2006-0732Feb 16, 2006
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the…