Vulnerabilities in SAP SE
778 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2019-0351 | — | A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7. | 2.5% |
| CVE-2018-2360 | — | SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and | 2.5% |
| CVE-2022-22547 | — | Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted | 2.5% |
| CVE-2019-0274 | — | SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service | 2.4% |
| CVE-2022-27657 | — | A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient v | 2.4% |
| CVE-2018-2424 | CRITICAL | SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being ad | 2.4% |
| CVE-2020-26836 | LOW | SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulne | 2.3% |
| CVE-2022-22532 | — | In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7 | 2.3% |
| CVE-2019-0345 | — | A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), vers | 2.3% |
| CVE-2019-0268 | — | SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML documen | 2.2% |
| CVE-2019-0330 | — | The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an att | 2.2% |
| CVE-2019-0277 | — | SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated de | 2.2% |
| CVE-2020-26832 | HIGH | SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2 | 2.2% |
| CVE-2020-26838 | CRITICAL | SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows a | 2.2% |
| CVE-2019-0327 | — | SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2 | 2.1% |
| CVE-2019-0307 | — | Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communicat | 2.1% |
| CVE-2019-0403 | — | SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to | 2.1% |
| CVE-2019-0265 | — | SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding th | 2.1% |
| CVE-2020-26809 | MEDIUM | SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medi | 2.0% |
| CVE-2019-0259 | — | SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file (including script files) without proper | 2.0% |