Vendor CVEs
SAP
All CVEs
1,818 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-35294 | 0.00 | — | 0.00 | Sep 13, 2022 | An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure… | |||
| CVE-2022-35292 | 0.00 | — | 0.00 | Sep 13, 2022 | In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries,… | |||
| CVE-2022-35295 | 0.00 | — | 0.01 | Sep 13, 2022 | In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | |||
| CVE-2022-3118 | 0.00 | — | 0.01 | Sep 4, 2022 | A vulnerability was found in Sourcecodehero ERP System Project. It has been rated as critical. This issue affects some unknown processing of the file /pages/processlogin.php. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. The… | |||
| CVE-2022-35167 | 0.00 | — | 0.01 | Aug 19, 2022 | Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. | |||
| CVE-2022-32245 | 0.00 | — | 0.00 | Aug 9, 2022 | SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and… | |||
| CVE-2022-35293 | 0.00 | — | 0.01 | Aug 9, 2022 | Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application. | |||
| CVE-2022-35290 | 0.00 | — | 0.01 | Aug 9, 2022 | Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. | |||
| CVE-2022-35291 | 0.00 | — | 0.01 | Jul 27, 2022 | Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and… | |||
| CVE-2022-32249 | 0.00 | — | 0.01 | Jul 12, 2022 | Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly sensitive information (e.g., high privileged account credentials) | |||
| CVE-2022-35224 | 0.00 | — | 0.01 | Jul 12, 2022 | SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of… | |||
| CVE-2022-35228 | 0.00 | — | 0.00 | Jul 12, 2022 | SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social… | |||
| CVE-2022-35225 | 0.00 | — | 0.01 | Jul 12, 2022 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to… | |||
| CVE-2022-35227 | 0.00 | — | 0.01 | Jul 12, 2022 | A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site Scripting (XSS) attack. A successful exploit could allow the attacker to execute arbitrary script… | |||
| CVE-2022-35172 | 0.00 | — | 0.01 | Jul 12, 2022 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | |||
| CVE-2022-35171 | 0.00 | — | 0.00 | Jul 12, 2022 | When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their… | |||
| CVE-2022-35169 | 0.00 | — | 0.01 | Jul 12, 2022 | SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system… | |||
| CVE-2022-35170 | 0.00 | — | 0.01 | Jul 12, 2022 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to… | |||
| CVE-2022-35168 | 0.00 | — | 0.01 | Jul 12, 2022 | Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. | |||
| CVE-2022-32247 | 0.00 | — | 0.01 | Jul 12, 2022 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker… | |||
| CVE-2022-32248 | 0.00 | — | 0.01 | Jul 12, 2022 | Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. | |||
| CVE-2022-31593 | 0.00 | — | 0.01 | Jul 12, 2022 | SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||
| CVE-2022-31591 | 0.00 | — | 0.00 | Jul 12, 2022 | SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service | |||
| CVE-2022-31597 | 0.00 | — | 0.00 | Jul 12, 2022 | Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of… | |||
| CVE-2022-28771 | 0.00 | — | 0.01 | Jul 12, 2022 | Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible. | |||
| CVE-2022-29619 | 0.00 | — | 0.01 | Jul 12, 2022 | Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. | |||
| CVE-2022-31592 | 0.00 | — | 0.00 | Jul 12, 2022 | The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a… | |||
| CVE-2022-31598 | 0.00 | — | 0.00 | Jul 12, 2022 | Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on… | |||
| CVE-2022-32246 | 0.00 | — | 0.00 | Jul 12, 2022 | SAP BusinessObjects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can… | |||
| CVE-2022-32243 | 0.00 | — | 0.01 | Jun 14, 2022 | When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||
| CVE-2022-32242 | 0.00 | — | 0.01 | Jun 14, 2022 | When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||
| CVE-2022-32241 | 0.00 | — | 0.01 | Jun 14, 2022 | When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||
| CVE-2022-32240 | 0.00 | — | 0.01 | Jun 14, 2022 | When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||
| CVE-2022-32239 | 0.00 | — | 0.01 | Jun 14, 2022 | When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||
| CVE-2022-32238 | 0.00 | — | 0.01 | Jun 14, 2022 | When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||
| CVE-2022-32237 | 0.00 | — | 0.01 | Jun 14, 2022 | When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||
| CVE-2022-32236 | 0.00 | — | 0.01 | Jun 14, 2022 | When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||
| CVE-2022-32235 | 0.00 | — | 0.01 | Jun 14, 2022 | When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||
| CVE-2022-31590 | 0.00 | — | 0.00 | Jun 14, 2022 | SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated… | |||
| CVE-2022-31589 | 0.00 | — | 0.01 | Jun 14, 2022 | Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. | |||
| CVE-2022-29618 | 0.00 | — | 0.01 | Jun 14, 2022 | Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an… | |||
| CVE-2022-29615 | 0.00 | — | 0.00 | Jun 14, 2022 | SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x. | |||
| CVE-2022-29614 | 0.00 | — | 0.00 | Jun 14, 2022 | SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, -… | |||
| CVE-2022-29612 | 0.00 | — | 0.01 | Jun 14, 2022 | SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of… | |||
| CVE-2022-27668 | 0.00 | — | 0.02 | Jun 14, 2022 | Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC… | |||
| CVE-2022-28217 | 0.00 | — | 0.01 | Jun 13, 2022 | Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise… | |||
| CVE-2022-29616 | 0.00 | — | 0.01 | May 11, 2022 | SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | |||
| CVE-2022-29613 | 0.00 | — | 0.01 | May 11, 2022 | Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the… | |||
| CVE-2022-29611 | 0.00 | — | 0.01 | May 11, 2022 | SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||
| CVE-2022-29610 | 0.00 | — | 0.00 | May 11, 2022 | SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. |