Vulmon
sap security vulnerabilities and exploits
4.3
CVSSv3
CVE-2021-42062
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impac...
Sap Erp Human Capital Management 604
Sap Erp Human Capital Management 608
Sap Erp Human Capital Management 600
8.8
CVSSv3
CVE-2020-6219
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and ...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Crystal Reports For Visual Studio 2010
1 Article
7.5
CVSSv3
CVE-2017-7696
SAP AS JAVA SSO Authentication Library 2.0 up to and including 3.0 allows remote malicious users to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.
Sap Sso Authentication Library 3.0
Sap Sso Authentication Library 2.0
7.5
CVSSv3
CVE-2021-21469
When security guidelines for SAP NetWeaver Master Data Management running on Windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any ...
Sap Netweaver Master Data Management 7.10.750
Sap Netweaver Master Data Management 710
Sap Netweaver Master Data Management 7.10
NA
CVE-2002-1576
lserver in SAP DB 7.3 and previous versions uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.
Sap Sap Db 7.3.00
1 EDB exploit
8.8
CVSSv3
CVE-2020-6243
Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing a malicious user to read, modify, delete restric...
Sap Adaptive Server Enterprise 16.0
Sap Adaptive Server Enterprise 15.7
1 Article
NA
CVE-2014-0995
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and previous versions allows remote malicious users to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.
Sap Netweaver
Sap Netweaver 7.20
1 EDB exploit
5.4
CVSSv3
CVE-2020-6278
SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows a malicious user to embed malicious scripts in the application while uploading images, which get executed when the victim opens these files, leading to Stored Cross Site Scr...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
1 Article
5.4
CVSSv3
CVE-2020-6222
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
1 Article
5.5
CVSSv3
CVE-2016-5845
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote malicious users to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
Sap Sapcar -
1 EDB exploit