SAP: Security Vulnerabilities
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in a Stored Cross-Site Scripting (XSS) attack.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2022-05-11
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2022-05-11
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter the employee number. On successful exploitation, the attacker can view personal details of other users, causing a limited impact on confidentiality of the application.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2022-05-11
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2022-04-12
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2022-04-12
A highly privileged remote attacker can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
CVSS Score: 2.7 | EPSS Score: 0.003 | Published: 2022-04-12
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2022-04-12
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.
CVSS Score: 7.5 | EPSS Score: 0.007 | Published: 2022-04-12
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.
CVSS Score: 6.5 | EPSS Score: 0.006 | Published: 2022-04-12
A CSRF token visible in the URL may possibly lead to an information disclosure vulnerability.
CVSS Score: 6.5 | EPSS Score: 0.008 | Published: 2022-04-12

