Vulnerabilities
Vulnerable Software
Sap:  Security Vulnerabilities
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access.
CVSS Score
6.5
EPSS Score
0.008
Published
2022-04-12
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVSS Score
6.1
EPSS Score
0.009
Published
2022-04-12
When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
6.5
EPSS Score
0.01
Published
2022-04-12
When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
6.5
EPSS Score
0.01
Published
2022-04-12
When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
6.5
EPSS Score
0.009
Published
2022-04-12
When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVSS Score
6.5
EPSS Score
0.01
Published
2022-04-12
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVSS Score
7.5
EPSS Score
0.009
Published
2022-03-28
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVSS Score
5.3
EPSS Score
0.007
Published
2022-03-10
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
CVSS Score
5.3
EPSS Score
0.007
Published
2022-03-10
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.
CVSS Score
5.4
EPSS Score
0.005
Published
2022-03-10


Contact Us

Shodan ® - All rights reserved