Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap gui - vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-39799
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user.
Sap Netweaver Application Server Abap Kernel 7.77
Sap Netweaver Application Server Abap 7.81
Sap Netweaver Application Server Abap 7.85
Sap Netweaver Application Server Abap 7.89
Sap Netweaver Application Server Abap 7.54
NA
CVE-2011-5154
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 up to and including 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains...
Sap Graphical User Interface 6.4
Sap Graphical User Interface 7.2
NA
CVE-2007-3608
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote malicious users to create certain files via unspecified vectors.
Sap Enjoysap
2 EDB exploits
7.5
CVSSv3
CVE-2016-10079
SAPlpd up to and including 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
Sap Saplpd
1 EDB exploit
NA
CVE-2007-3607
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote malicious users to cause a denial of service (process crash) via unspecified vectors.
Sap Enjoysap
2 EDB exploits
NA
CVE-2007-3606
Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote malicious users to execute arbitrary code via a long first argument to the LaunchGui function.
Sap Enjoysap
1 EDB exploit
6.5
CVSSv3
CVE-2021-21448
SAP GUI for Windows, version - 7.60, allows an malicious user to spoof logon credentials for Application Server ABAP backend systems in the client PCs memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be...
Sap Graphical User Interface 7.60
NA
CVE-2024-27902
Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious malicious user to access and modify data thro...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3