Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap privileges vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2018-2455
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Sap Enterprise Financial Services 6.05
Sap Enterprise Financial Services 8.0
Sap Enterprise Financial Services 6.06
Sap Enterprise Financial Services 6.17
Sap Enterprise Financial Services 6.16
Sap Enterprise Financial Services 6.18
641
VMScore
CVE-2003-0938
vos24u.c in SAP database server (SAP DB) 7.4.03.27 and previous versions allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLA...
Sap Sap Db
578
VMScore
CVE-2021-33676
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
Sap Customer Relationship Management 700
Sap Customer Relationship Management 701
Sap Customer Relationship Management 702
Sap Customer Relationship Management 712
Sap Customer Relationship Management 713
Sap Customer Relationship Management 714
356
VMScore
CVE-2021-21488
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability...
Sap Netweaver Knowledge Management 7.01
Sap Netweaver Knowledge Management 7.02
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
NA
CVE-2024-21738
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful e...
Sap Netweaver Application Server Abap 702
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 701
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 751
Sap Netweaver Application Server Abap 752
Sap Netweaver Application Server Abap 753
Sap Netweaver Application Server Abap 754
Sap Netweaver Application Server Abap 755
Sap Netweaver Application Server Abap 756
Sap Netweaver Application Server Abap 757
Sap Netweaver Application Server Abap 758
Sap Netweaver Application Server Abap 793
Sap Netweaver Application Server Abap 79
312
VMScore
CVE-2021-21489
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious scri...
Sap Netweaver Enterprise Portal 7.10
Sap Netweaver Enterprise Portal 7.11
Sap Netweaver Enterprise Portal 7.20
Sap Netweaver Enterprise Portal 7.30
Sap Netweaver Enterprise Portal 7.31
Sap Netweaver Enterprise Portal 7.40
Sap Netweaver Enterprise Portal 7.50
312
VMScore
CVE-2019-0316
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by ...
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.11
Sap Netweaver Process Integration 7.20
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.31
Sap Netweaver Process Integration 7.50
578
VMScore
CVE-2021-33671
SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of ...
Sap Netweaver Guided Procedures 7.10
Sap Netweaver Guided Procedures 7.20
Sap Netweaver Guided Procedures 7.30
Sap Netweaver Guided Procedures 7.31
Sap Netweaver Guided Procedures 7.40
Sap Netweaver Guided Procedures 7.50
756
VMScore
CVE-2020-6284
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the executio...
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
1 Article
NA
CVE-2022-35294
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure includ...
Sap Netweaver Application Server Abap Krnl64nuc 7.22
Sap Netweaver Application Server Abap Kernel 7.22
Sap Netweaver Application Server Abap Krnl64uc 7.22
Sap Netweaver Application Server Abap 7.49
Sap Netweaver Application Server Abap 7.53
Sap Netweaver Application Server Abap 7.77
Sap Netweaver Application Server Abap 7.81
Sap Netweaver Application Server Abap 7.22ext
Sap Netweaver Application Server Abap 7.85
Sap Netweaver Application Server Abap 7.89
Sap Netweaver Application Server Abap 7.54
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »