Filtered by vendor Sap
Subscribe
Total
1496 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41262 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | N/A | 6.1 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality and integrity of the application. | |||||
| CVE-2022-41261 | 2 Microsoft, Sap | 2 Windows, Solution Manager | 2024-11-21 | N/A | 6.0 MEDIUM |
| SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized. | |||||
| CVE-2022-41260 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | N/A | 6.1 MEDIUM |
| SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-41259 | 1 Sap | 1 Sql Anywhere | 2024-11-21 | N/A | 6.5 MEDIUM |
| SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | |||||
| CVE-2022-41258 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | N/A | 6.5 MEDIUM |
| Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application. | |||||
| CVE-2022-41215 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 4.7 MEDIUM |
| SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | |||||
| CVE-2022-41214 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 8.7 HIGH |
| Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application. | |||||
| CVE-2022-41212 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 4.9 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. | |||||
| CVE-2022-41211 | 1 Sap | 2 3d Visual Enterprise Author, 3d Visual Enterprise Viewer | 2024-11-21 | N/A | 7.0 HIGH |
| Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely.Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured. | |||||
| CVE-2022-41208 | 1 Sap | 1 Financial Consolidation | 2024-11-21 | N/A | 5.4 MEDIUM |
| Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-41207 | 1 Sap | 1 Biller Direct | 2024-11-21 | N/A | 6.1 MEDIUM |
| SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information. | |||||
| CVE-2022-41205 | 2 Microsoft, Sap | 2 Windows, Gui | 2024-11-21 | N/A | 5.5 MEDIUM |
| SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. | |||||
| CVE-2022-41203 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | N/A | 8.8 HIGH |
| In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserialization of untrusted data vulnerability. This could highly compromise the Confidentiality, Integrity, and Availability of the system. | |||||
| CVE-2022-41200 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
| CVE-2022-41198 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated SketchUp (.skp, SketchUp.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
| CVE-2022-41197 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-41196 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
| CVE-2022-41195 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated EAAmiga Interchange File Format (.iff, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
| CVE-2022-41194 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Postscript (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-41193 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | N/A | 7.8 HIGH |
| Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||