sap vulnerabilities and exploits
NA
CVE-2023-50424
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the...
Sap Cloud-security-client-go
NA
CVE-2023-6542
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arb...
Sap Emarsys Sdk 3.6.2
NA
CVE-2023-49577
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact ...
Sap Human Capital Management S4hcmcie 100
Sap Human Capital Management Sap Hrcie 600
Sap Human Capital Management Sap Hrcie 604
Sap Human Capital Management Sap Hrcie 608
NA
CVE-2023-49578
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform a denial-of-service attack from adjacent UI by sending a malicious request, which leads to low impact on the availability and no impact on confidentiality or integrity of the application.
Sap Cloud Connector 2.0
NA
CVE-2023-49580
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated malicious user to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthent...
Sap Graphical User Interface Sap Basis 755
Sap Graphical User Interface Sap Basis 756
Sap Graphical User Interface Sap Basis 757
Sap Graphical User Interface Sap Basis 758
NA
CVE-2023-49581
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated malicious user to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated malicious user to write data to a database table. By doing so th...
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 750
NA
CVE-2023-49583
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Sap @sap/xssec
1 Article
NA
CVE-2023-49584
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows a malicious user to use HTTP verb POST on a read-only service, causing low impact on confidentiality of the application.
Sap Fiori Launchpad 754
Sap Fiori Launchpad 750
Sap Fiori Launchpad 755
Sap Fiori Launchpad 756
Sap Fiori Launchpad 757
Sap Fiori Launchpad 758
Sap Fiori Launchpad 700
Sap Fiori Launchpad 200
Sap Fiori Launchpad 793
NA
CVE-2023-49587
SAP Solution Manager - version 720, allows an authorized malicious user to execute certain deprecated function modules which can read or modify data of the same or another component without user interaction over the network.
Sap Solution Manager 720
NA
CVE-2023-50422
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to prior to 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacke...
Sap Cloud-security-services-integration-library
1 Article