← Back

Sap

sap

1,576 CVEs • 429 products

Products (429)

Click to collapse
Toggle
3d Visual Enterprise Viewer
3d_visual_enterprise_viewer
131 CVEs
Netweaver
netweaver
102 CVEs
Netweaver Application Server Abap
netweaver_application_server_abap
86 CVEs
Businessobjects Business Intelligence Platform
businessobjects_business_intelligence_platform
73 CVEs
Netweaver Application Server Java
netweaver_application_server_java
69 CVEs
Businessobjects Business Intelligence
businessobjects_business_intelligence
45 CVEs
Hana
hana
38 CVEs
Solution Manager
solution_manager
33 CVEs
Business One
business_one
31 CVEs
Internet Graphics Server
internet_graphics_server
28 CVEs
3d Visual Enterprise Author
3d_visual_enterprise_author
27 CVEs
Businessobjects
businessobjects
23 CVEs
Netweaver Abap
netweaver_abap
21 CVEs
Netweaver Process Integration
netweaver_process_integration
21 CVEs
Netweaver Enterprise Portal
netweaver_enterprise_portal
20 CVEs
Hana Extended Application Services
hana_extended_application_services
18 CVEs
Sap Basis
sap_basis
18 CVEs
Commerce Cloud
commerce_cloud
18 CVEs
Business Objects Business Intelligence Platform
business_objects_business_intelligence_platform
18 CVEs
S/4hana
s/4hana
17 CVEs
Disclosure Management
disclosure_management
16 CVEs
Host Agent
host_agent
15 CVEs
Adaptive Server Enterprise
adaptive_server_enterprise
14 CVEs
Enable Now
enable_now
14 CVEs
S4core
s4core
13 CVEs
Sap Db
sap_db
12 CVEs
Customer Relationship Management Webclient Ui
customer_relationship_management_webclient_ui
12 CVEs
Netweaver As Abap
netweaver_as_abap
12 CVEs
Abap Platform
abap_platform
12 CVEs
Sap Web Application Server
sap_web_application_server
11 CVEs
Sap Kernel
sap_kernel
11 CVEs
Supplier Relationship Management
supplier_relationship_management
11 CVEs
Web Dispatcher
web_dispatcher
11 CVEs
Customer Relationship Management
customer_relationship_management
10 CVEs
Netweaver As Abap Business Server Pages
netweaver_as_abap_business_server_pages
10 CVEs
Commerce
commerce
10 CVEs
Internet Transaction Server
internet_transaction_server
9 CVEs
Netweaver Application Server For Java
netweaver_application_server_for_java
9 CVEs
Rfc Library
rfc_library
8 CVEs
Maxdb
maxdb
8 CVEs
Sql Anywhere
sql_anywhere
8 CVEs
Mobile Platform
mobile_platform
8 CVEs
Trex
trex
8 CVEs
Hybris
hybris
8 CVEs
Hana Database
hana_database
8 CVEs
Cloud Connector
cloud_connector
8 CVEs
Landscape Management
landscape_management
8 CVEs
Business Connector
business_connector
7 CVEs
Crystal Reports
crystal_reports
7 CVEs
Afaria
afaria
7 CVEs
Sapscore
sapscore
7 CVEs
S/4 Hana
s/4_hana
7 CVEs
Business Warehouse
business_warehouse
7 CVEs
Netweaver As Internet Graphics Server
netweaver_as_internet_graphics_server
7 CVEs
Sapgui
sapgui
6 CVEs
Erp
erp
6 CVEs
Businessobjects Edge
businessobjects_edge
6 CVEs
Content Server
content_server
6 CVEs
Business Application Software Integrated Solution
business_application_software_integrated_solution
6 CVEs
Business Planning And Consolidation
business_planning_and_consolidation
6 CVEs
Basis
basis
6 CVEs
Fiori Client
fiori_client
6 CVEs
Financial Consolidation
financial_consolidation
6 CVEs
Netweaver Knowledge Management
netweaver_knowledge_management
6 CVEs
Customer Relationship Management S4fnd
customer_relationship_management_s4fnd
6 CVEs
Sap R 3
sap_r_3
5 CVEs
Crystal Reports Server
crystal_reports_server
5 CVEs
Netweaver Java Application Server
netweaver_java_application_server
5 CVEs
Gui For Windows
gui_for_windows
5 CVEs
S4fnd
s4fnd
5 CVEs
Bw/4hana
bw/4hana
5 CVEs
Advanced Business Application Programming Platform Kernel
advanced_business_application_programming_platform_kernel
5 CVEs
Businessobjects Web Intelligence
businessobjects_web_intelligence
5 CVEs
Netweaver As Abap Krnl64uc
netweaver_as_abap_krnl64uc
5 CVEs
Powerdesigner
powerdesigner
5 CVEs
Enjoysap
enjoysap
4 CVEs
Saplpd
saplpd
4 CVEs
Netweaver Development Infrastructure
netweaver_development_infrastructure
4 CVEs
J2ee Engine
j2ee_engine
4 CVEs
Enterprise Portal
enterprise_portal
4 CVEs
Netweaver Abap Application Server
netweaver_abap_application_server
4 CVEs
Commoncryptolib
commoncryptolib
4 CVEs
Business Client
business_client
4 CVEs
Identity Management
identity_management
4 CVEs
Ui
ui
4 CVEs
Businessobjects Bi Platform
businessobjects_bi_platform
4 CVEs
Fiori
fiori
4 CVEs
Advanced Business Application Programming Platform Krnl64nuc
advanced_business_application_programming_platform_krnl64nuc
4 CVEs
Advanced Business Application Programming Platform Krnl64uc
advanced_business_application_programming_platform_krnl64uc
4 CVEs
Diagnostics Agent
diagnostics_agent
4 CVEs
Fiori Launchpad
fiori_launchpad
4 CVEs
Focused Run
focused_run
4 CVEs
Contact Center
contact_center
4 CVEs
Netweaver As Abap Kernel
netweaver_as_abap_kernel
4 CVEs
Netweaver As Abap Krnl64nuc
netweaver_as_abap_krnl64nuc
4 CVEs
Application Interface Framework
application_interface_framework
4 CVEs
Sapsprint
sapsprint
3 CVEs
Graphical User Interface
graphical_user_interface
3 CVEs
Erp Central Component
erp_central_component
3 CVEs
Network Interface Router
network_interface_router
3 CVEs

CVEs (1,576)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-26109
1Sap
13d Visual Enterprise Viewer
Nov 21, 2024
Apr 12, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable t...Show more
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.Show less
CVE-2022-26108
1Sap
13d Visual Enterprise Viewer
Nov 21, 2024
Apr 12, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user un...Show more
When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.Show less
CVE-2022-26107
1Sap
13d Visual Enterprise Viewer
Nov 21, 2024
Apr 12, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the...Show more
When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.Show less
CVE-2022-26106
1Sap
13d Visual Enterprise Viewer
Nov 21, 2024
Apr 12, 2022
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable...Show more
When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.Show less
CVE-2022-26105
1Sap
1Netweaver Enterprise Portal
Nov 21, 2024
Apr 12, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interact...Show more
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.Show less
CVE-2022-22541
1Sap
1Businessobjects Business Intelligence Platform
Nov 21, 2024
Apr 12, 2022
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of com...Show more
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access.Show less
CVE-2022-27658
1Sap
1Innovation Management
Nov 21, 2024
Mar 28, 2022
N/A· v4
7.5 HIGH· v3
4.3 MEDIUM· v2
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVE-2022-26104
1Sap
1Financial Consolidation
Nov 21, 2024
Mar 10, 2022
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
CVE-2022-26103
1Sap
1Netweaver Application Server Java
Nov 21, 2024
Mar 10, 2022
N/A· v4
5.3 MEDIUM· v3
4.3 MEDIUM· v2
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVE-2022-26102
1Sap
1Netweaver Application Server Abap
Nov 21, 2024
Mar 10, 2022
N/A· v4
5.4 MEDIUM· v3
5.5 MEDIUM· v2
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available wi...Show more
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.Show less
CVE-2022-26101
1Sap
1Fiori Launchpad
Nov 21, 2024
Mar 10, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2022-26100
1Sap
1Sapcar
Nov 21, 2024
Mar 10, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system.
CVE-2022-24399
1Sap
1Focused Run
Nov 21, 2024
Mar 10, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2022-24398
1Sap
1Business Objects Business Intelligence Platform
Nov 21, 2024
Mar 10, 2022
N/A· v4
6.5 MEDIUM· v3
3.5 LOW· v2
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
CVE-2022-24397
1Sap
1Netweaver Enterprise Portal
Nov 21, 2024
Mar 10, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting...Show more
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser.Show less
CVE-2022-24396
1Sap
1Simple Diagnostics Agent
Nov 21, 2024
Mar 10, 2022
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, a...Show more
The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.Show less
CVE-2022-24395
1Sap
1Netweaver Enterprise Portal
Nov 21, 2024
Mar 10, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2022-22547
1Sap
1Simple Diagnostics Agent
Nov 21, 2024
Mar 10, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be u...Show more
Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits.Show less
CVE-2022-22546
1Sap
1Businessobjects Web Intelligence
Nov 21, 2024
Feb 9, 2022
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.
CVE-2022-22545
1Sap
1Netweaver Abap
Nov 21, 2024
Feb 9, 2022
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 7...Show more
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.Show less