Filtered by vendor Sap
Subscribe
Total
1304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33662 | 1 Sap | 1 Business One | 2021-06-15 | 2.1 LOW | 4.4 MEDIUM |
| Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. | |||||
| CVE-2021-27643 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-27642 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-27641 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-27640 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-33660 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FLI file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-33661 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-33659 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-27639 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-27638 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-06-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2021-27614 | 1 Sap | 2 Business-one-hana-chef-cookbook, Business One | 2021-05-21 | 3.6 LOW | 7.1 HIGH |
| SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the integrity and availability of the application. | |||||
| CVE-2016-2388 | 1 Sap | 1 Netweaver Application Server Java | 2021-05-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. | |||||
| CVE-2021-27602 | 1 Sap | 1 Commerce | 2021-04-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the source rules and perform remote code execution enabling them to compromise the confidentiality, integrity and availability of the application. | |||||
| CVE-2018-2504 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. | |||||
| CVE-2021-21482 | 1 Sap | 1 Netweaver Master Data Management | 2021-04-20 | 4.8 MEDIUM | 8.3 HIGH |
| SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges leading to information disclosure vulnerability thereby affecting the confidentiality and integrity of the application. This happens when security guidelines and recommendations concerning administrative accounts of an SAP NetWeaver Master Data Management installation have not been thoroughly reviewed. | |||||
| CVE-2021-21492 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled. | |||||
| CVE-2021-27608 | 1 Sap | 1 Setup | 2021-04-20 | 4.4 MEDIUM | 7.5 HIGH |
| An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity and Availability. | |||||
| CVE-2016-3973 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The chat feature in the Real-Time Collaboration (RTC) services 7.3 and 7.4 in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to obtain sensitive user information by visiting webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd_chat/Chat#, pressing "Add users", and doing a search, aka SAP Security Note 2255990. | |||||
| CVE-2021-21483 | 1 Sap | 1 Solution Manager | 2021-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application. | |||||
| CVE-2016-9562 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.com~P4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835. | |||||