VYPR

Cloud Connector

by SAP

CVEs (10)

  • CVE-2025-42955LowAug 12, 2025
    risk 0.23cvss 3.5epss 0.00

    Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact…

  • CVE-2024-25642Feb 13, 2024
    risk 0.00cvss epss 0.01

    Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no…

  • CVE-2023-49578Dec 12, 2023
    risk 0.00cvss epss 0.00

    SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity  of the application.

  • CVE-2021-33694Sep 15, 2021
    risk 0.00cvss epss 0.00

    SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored…

  • CVE-2021-33693Sep 15, 2021
    risk 0.00cvss epss 0.01

    SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.

  • CVE-2021-33695Sep 15, 2021
    risk 0.00cvss epss 0.01

    Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.

  • CVE-2021-33692Sep 15, 2021
    risk 0.00cvss epss 0.01

    SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories.

  • CVE-2021-22914Jun 16, 2021
    risk 0.00cvss epss 0.01

    Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud…

  • CVE-2019-0247Jan 8, 2019
    risk 0.00cvss epss 0.01

    SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

  • CVE-2019-0246Jan 8, 2019
    risk 0.00cvss epss 0.03

    SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.