Vulmon
sap vulnerabilities and exploits
CVE-2023-30743 (CVSSv3 6.1)
Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, the sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks the user's interaction with the application. Further, in the ab...
Affected products: Sap Sapui5 700, Sap Sapui5 750, Sap Sapui5 754, Sap Sapui5 755, Sap Sapui5 756, Sap Sapui5 757
CVE-2019-0293 (CVSSv3 6.5)
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, prior to 2008_1_700, 2008_1_710, and 740).
Affected products: Sap Sap Solution Manager System 2008 1 700, Sap Sap Solution Manager System 2008 1 710, Sap Sap Solution Manager System 2008 1 740
CVE-2018-2428 (CVSSv3 5.3)
Under certain conditions SAP UI5 Handler allows a malicious user to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00.
Affected products: Sap Infrastructure 1.0, Sap Ui 2.0, Sap Ui 7.4, Sap Ui 7.5, Sap Ui 7.51, Sap Ui 7.52
CVE-2018-2505 (CVSSv3 6.1)
SAP Commerce does not sufficiently validate user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. Fixed in versions (SAP Hybris Commerce, versions 6.2, 6.3, 6.4, 6.5, 6.6, 6.7).
Affected products: Sap Hybris 6.2, Sap Hybris 6.3, Sap Hybris 6.4, Sap Hybris 6.5, Sap Hybris 6.6, Sap Hybris 6.7
CVE-2006-1039 (CVSSv3 score: NA)
SAP Web Application Server (WebAS) Kernel prior to 7.0 allows remote malicious users to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
Affected products: Sap Sap Web Application Server 6.10, Sap Sap Web Application Server 6.20, Sap Sap Web Application Server 6.40
Public exploits: 1 EDB exploit
CVE-2014-1965 (CVSSv3 score: NA)
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 up to and including 7.02, and 7.10 up to and including 7.11 for SAP NetWeaver allows remote malicious users to inject arbitrary w...
Affected products: Sap Netweaver 3.0, Sap Netweaver 7.0, Sap Netweaver 7.01, Sap Netweaver 7.02, Sap Netweaver 7.10, Sap Netweaver 7.11
CVE-2013-5751 (CVSSv3 score: NA)
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote malicious users to read arbitrary files via unspecified vectors.
Affected products: Sap Netweaver 7.0, Sap Netweaver 7.01, Sap Netweaver 7.02, Sap Netweaver 7.03, Sap Netweaver 7.10, Sap Netweaver 7.30
CVE-2009-4603 (CVSSv3 score: NA)
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote malicious users to cause a denial of service (Management Console shutdown) via a crafted r...
Affected products: Sap Sap Kernel 6.40, Sap Sap Kernel 7.00, Sap Sap Kernel 7.01, Sap Sap Kernel 7.10, Sap Sap Kernel 7.11, Sap Sap Kernel 7.20
CVE-2023-33991 (CVSSv3 8.2)
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful...
Affected products: Sap Ui 700, Sap Ui 750, Sap Ui 754, Sap Ui 755, Sap Ui 756, Sap Ui 757
CVE-2023-0021 (CVSSv3 6.1)
Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated malicious user to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site Scripting. These endpoints...
Affected products: Sap Netweaver 700, Sap Netweaver 701, Sap Netweaver 702, Sap Netweaver 731, Sap Netweaver 740, Sap Netweaver 750