Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Total 1139 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31594 1 Sap 1 Adaptive Server Enterprise 2022-06-24 7.2 HIGH 6.7 MEDIUM
A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system.
CVE-2022-32236 1 Sap 1 3d Visual Enterprise Viewer 2022-06-24 4.3 MEDIUM 5.5 MEDIUM
When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32235 1 Sap 1 3d Visual Enterprise Viewer 2022-06-24 4.3 MEDIUM 5.5 MEDIUM
When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-31595 1 Sap 1 Adaptive Server Enterprise 2022-06-24 6.5 MEDIUM 8.8 HIGH
SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2022-31590 1 Sap 1 Powerdesigner Proxy 2022-06-24 7.2 HIGH 7.8 HIGH
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.
CVE-2022-29615 1 Sap 1 Netweaver Developer Studio 2022-06-24 3.6 LOW 3.4 LOW
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x.
CVE-2022-29618 1 Sap 1 Netweaver Development Infrastructure 2022-06-24 4.3 MEDIUM 6.1 MEDIUM
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2022-29614 1 Sap 2 Host Agent, Netweaver Abap 2022-06-24 4.6 MEDIUM 5.0 MEDIUM
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
CVE-2022-27668 1 Sap 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more 2022-06-24 7.5 HIGH 9.8 CRITICAL
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
CVE-2022-32240 1 Sap 1 3d Visual Enterprise Viewer 2022-06-23 4.3 MEDIUM 5.5 MEDIUM
When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32241 1 Sap 1 3d Visual Enterprise Viewer 2022-06-23 4.3 MEDIUM 5.5 MEDIUM
When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32242 1 Sap 1 3d Visual Enterprise Viewer 2022-06-23 4.3 MEDIUM 5.5 MEDIUM
When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32243 1 Sap 1 3d Visual Enterprise Viewer 2022-06-23 4.3 MEDIUM 5.5 MEDIUM
When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32237 1 Sap 1 3d Visual Enterprise Viewer 2022-06-22 4.3 MEDIUM 5.5 MEDIUM
When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32238 1 Sap 1 3d Visual Enterprise Viewer 2022-06-22 4.3 MEDIUM 5.5 MEDIUM
When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-32239 1 Sap 1 3d Visual Enterprise Viewer 2022-06-22 4.3 MEDIUM 3.3 LOW
When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-29612 1 Sap 2 Host Agent, Netweaver Abap 2022-06-22 4.0 MEDIUM 4.3 MEDIUM
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.
CVE-2022-24396 1 Sap 1 Simple Diagnostics Agent 2022-06-21 7.2 HIGH 7.8 HIGH
The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.
CVE-2022-22547 1 Sap 1 Simple Diagnostics Agent 2022-06-21 5.0 MEDIUM 7.5 HIGH
Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits.
CVE-2022-26101 1 Sap 1 Fiori Launchpad 2022-06-21 4.3 MEDIUM 6.1 MEDIUM
Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.