Sap: Security Vulnerabilities
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-06-06
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-05-11
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-05-11
During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-05-11
Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-05-11
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-05-11
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-05-11
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-05-11
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-04-12
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-04-12