SAP

All CVEs

1,818 total · sorted by risk
  • CVE-2022-41169 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily…

  • CVE-2022-39804 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when…

  • CVE-2022-41186 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, a Remote Code Execution can be triggered when payload forces a stack-based…

  • CVE-2022-41181 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily…

  • CVE-2022-41202 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a…

  • CVE-2022-41173 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to…

  • CVE-2022-41183 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to…

  • CVE-2022-41187 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload…

  • CVE-2022-35296 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading…

  • CVE-2022-39802 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.06

    SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within…

  • CVE-2022-35226 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack,…

  • CVE-2022-41178 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes…

  • CVE-2022-41193 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload…

  • CVE-2022-39803 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when…

  • CVE-2022-41185 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when…

  • CVE-2022-41174 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated Right Hemisphere Material (.rhm, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable…

  • CVE-2022-41197 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the…

  • CVE-2022-41191 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload…

  • CVE-2022-41210 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings.

  • CVE-2022-41167 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a…

  • CVE-2022-39807 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily…

  • CVE-2022-41182 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes…

  • CVE-2022-41188 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily…

  • CVE-2022-39800 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information…

  • CVE-2022-41198 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a…

  • CVE-2022-41195 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when…

  • CVE-2022-41172 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a…

  • CVE-2022-41200 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload…

  • CVE-2022-41171 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable…

  • CVE-2022-41184 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated Windows Cursor File (.cur, ico.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a…

  • CVE-2022-41204 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal…

  • CVE-2022-41176 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the…

  • CVE-2022-41170 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload…

  • CVE-2022-41190 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a…

  • CVE-2022-41201 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces…

  • CVE-2022-41194 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable…

  • CVE-2022-39015 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.

  • CVE-2022-39806 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when…

  • CVE-2022-39808 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload…

  • CVE-2022-35299 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow.

  • CVE-2022-41199 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated Open Inventor File (.iv, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a…

  • CVE-2022-41196 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a…

  • CVE-2022-41206 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be…

  • CVE-2022-41177 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.00

    Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be…

  • CVE-2022-41175 · Oct 11, 2022
    risk 0.00 · cvss · epss 0.01

    Due to lack of proper memory management, when a victim opens a manipulated Enhanced Metafile (.emf, emf.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a…

  • CVE-2022-32244 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.00

    Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same…

  • CVE-2022-39014 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.00

    Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.

  • CVE-2022-39801 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.01

    SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to…

  • CVE-2022-39799 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.00

    An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.

  • CVE-2022-35298 · Sep 13, 2022
    risk 0.00 · cvss · epss 0.00

    SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could…
