sap privileges vulnerabilities and exploits
NA
CVE-2011-5154
Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and (2) BExAnalyzer.exe in SAP GUI 6.4 up to and including 7.2 allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains...
Sap Graphical User Interface 6.4
Sap Graphical User Interface 7.2
8.8
CVSSv3
CVE-2022-41203
In some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privileges can intercept a serialized object in the parameters and substitute with another malicious serialized object, which leads to deserializa...
Sap Businessobjects Business Intelligence 4.3
Sap Businessobjects Business Intelligence 4.2
1 Article
7.2
CVSSv3
CVE-2023-28762
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platf...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
4.3
CVSSv3
CVE-2021-27605
SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized malicious user to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read...
Sap Fiori Apps 2.0 For Travel Management In Sap Erp
4.4
CVSSv3
CVE-2021-21470
SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlle...
Sap Enterprise Performance Management 1010
Sap Enterprise Performance Management 2.8
7.8
CVSSv3
CVE-2022-31591
SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service.
Sap Businessobjects Bw Publisher Service 420
Sap Businessobjects Bw Publisher Service 430
6.1
CVSSv3
CVE-2023-0018
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these rep...
Sap Businessobjects Business Intelligence Platform 420
Sap Businessobjects Business Intelligence Platform 430
8.3
CVSSv3
CVE-2021-21482
SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrativ...
Sap Netweaver Master Data Management 7.10.750
Sap Netweaver Master Data Management 710
NA
CVE-2015-4161
SAP Afaria does not properly restrict access to unspecified functionality, which allows remote malicious users to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.
Sap Afaria -
8.8
CVSSv3
CVE-2023-25616
In some scenarios, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to a code injection vulnerability which could allow a malicious user to gain access to resources that are allowed by extra privileges. Successful atta...
Sap Business Objects Business Intelligence Platform 430
Sap Business Objects Business Intelligence Platform 420
1 Article