Filtered by vendor Sap
Subscribe
Total
1487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31597 | 1 Sap | 2 S\/4hana, Sapscore | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. | |||||
| CVE-2022-31595 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2022-31594 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. | |||||
| CVE-2022-31593 | 1 Sap | 1 Business One | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2022-31592 | 1 Sap | 1 Enterprise Extension Defense Forces \& Public Security | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. | |||||
| CVE-2022-31591 | 1 Sap | 1 Businessobjects Bw Publisher Service | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service | |||||
| CVE-2022-31590 | 1 Sap | 1 Powerdesigner Proxy | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. | |||||
| CVE-2022-31589 | 1 Sap | 3 Erp Financial Accounting, Erp Localization For Cee Countries, S\/4hana | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. | |||||
| CVE-2022-29619 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. | |||||
| CVE-2022-29618 | 1 Sap | 1 Netweaver Development Infrastructure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-29617 | 1 Sap | 1 Contributor License Agreement Assistant | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. | |||||
| CVE-2022-29616 | 1 Sap | 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | |||||
| CVE-2022-29615 | 1 Sap | 1 Netweaver Developer Studio | 2024-11-21 | 3.6 LOW | 3.4 LOW |
| SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x. | |||||
| CVE-2022-29614 | 1 Sap | 2 Host Agent, Netweaver Abap | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
| SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | |||||
| CVE-2022-29613 | 1 Sap | 1 Employee Self Service | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. | |||||
| CVE-2022-29612 | 1 Sap | 2 Host Agent, Netweaver Abap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. | |||||
| CVE-2022-29611 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2022-29610 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | |||||
| CVE-2022-28774 | 1 Sap | 1 Host Agent | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | |||||
| CVE-2022-28773 | 1 Sap | 2 Netweaver, Web Dispatcher | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. | |||||