Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap privileges vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-2454
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Sap Enterprise Financial Services 8.0
Sap Enterprise Financial Services 6.05
Sap Enterprise Financial Services 6.16
Sap Enterprise Financial Services 6.18
Sap Enterprise Financial Services 6.06
Sap Enterprise Financial Services 6.17
8.8
CVSSv3
CVE-2018-2455
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Sap Enterprise Financial Services 6.05
Sap Enterprise Financial Services 8.0
Sap Enterprise Financial Services 6.06
Sap Enterprise Financial Services 6.17
Sap Enterprise Financial Services 6.16
Sap Enterprise Financial Services 6.18
7.2
CVSSv3
CVE-2021-33676
A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
Sap Customer Relationship Management 700
Sap Customer Relationship Management 701
Sap Customer Relationship Management 702
Sap Customer Relationship Management 712
Sap Customer Relationship Management 713
Sap Customer Relationship Management 714
6.5
CVSSv3
CVE-2021-21488
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability...
Sap Netweaver Knowledge Management 7.01
Sap Netweaver Knowledge Management 7.02
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
5.4
CVSSv3
CVE-2024-21738
SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful e...
Sap Netweaver Application Server Abap 702
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 701
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 751
Sap Netweaver Application Server Abap 752
Sap Netweaver Application Server Abap 753
Sap Netweaver Application Server Abap 754
Sap Netweaver Application Server Abap 755
Sap Netweaver Application Server Abap 756
Sap Netweaver Application Server Abap 757
Sap Netweaver Application Server Abap 758
Sap Netweaver Application Server Abap 793
Sap Netweaver Application Server Abap 79
4.8
CVSSv3
CVE-2019-0316
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by ...
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.11
Sap Netweaver Process Integration 7.20
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.31
Sap Netweaver Process Integration 7.50
4.8
CVSSv3
CVE-2021-21489
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious scri...
Sap Netweaver Enterprise Portal 7.10
Sap Netweaver Enterprise Portal 7.11
Sap Netweaver Enterprise Portal 7.20
Sap Netweaver Enterprise Portal 7.30
Sap Netweaver Enterprise Portal 7.31
Sap Netweaver Enterprise Portal 7.40
Sap Netweaver Enterprise Portal 7.50
8.8
CVSSv3
CVE-2021-33671
SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of ...
Sap Netweaver Guided Procedures 7.10
Sap Netweaver Guided Procedures 7.20
Sap Netweaver Guided Procedures 7.30
Sap Netweaver Guided Procedures 7.31
Sap Netweaver Guided Procedures 7.40
Sap Netweaver Guided Procedures 7.50
9
CVSSv3
CVE-2020-6284
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the executio...
Sap Netweaver Knowledge Management 7.30
Sap Netweaver Knowledge Management 7.31
Sap Netweaver Knowledge Management 7.40
Sap Netweaver Knowledge Management 7.50
1 Article
NA
CVE-2002-1576
lserver in SAP DB 7.3 and previous versions uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.
Sap Sap Db 7.3.00
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »