Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-47894
Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 prior to 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict acces...
NA
CVE-2024-28167
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient...
NA
CVE-2024-25646
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated malicious user to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the applicat...
NA
CVE-2024-30216
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integri...
NA
CVE-2024-30217
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the applicat...
NA
CVE-2024-30218
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an malicious user to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.
NA
CVE-2024-27898
SAP NetWeaver application, due to insufficient input validation, allows an malicious user to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in ...
NA
CVE-2024-27901
SAP Asset Accounting could allow a high privileged malicious user to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the app...
NA
CVE-2024-22127
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the malicious user to run commands which can caus...
NA
CVE-2024-28163
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an malicious user to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the app...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »