Vulnerabilities in SAP SE

778 results
Vexday analysis

With 778 catalogued CVEs, the SAP SE portfolio shows an active-exploitation rate 1.7 times the overall average of the CISA KEV catalogue, indicating that vulnerabilities in this platform attract proportionate attention from threat actors. The most recurrent weakness type is CWE-119 (memory-handling errors), a vector historically associated with high-impact code execution. The most critical CVE under active exploitation, CVE-2020-6287 (in this case, CVE-2020-6207), records an EPSS of 0.9838, signalling a very high probability of exploitation observed in practice and justifying immediate prioritization of remediation. In addition, 18 vulnerabilities have a public PoC and 46 are of critical severity, widening the risk surface for organizations that have not yet applied the corresponding patches.

CVE | Severity | EPSS | Description
CVE-2021-38164 | MEDIUM | 0.5% | SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730,
CVE-2022-35228 | - | 0.5% | SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricte
CVE-2021-33679 | MEDIUM | 0.5% | The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script
CVE-2021-33696 | MEDIUM | 0.5% | SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled input
CVE-2022-32244 | - | 0.5% | Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) sys
CVE-2021-42061 | - | 0.5% | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, re
CVE-2019-0398 | - | 0.5% | Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 a
CVE-2021-33694 | MEDIUM | 0.4% | SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to
CVE-2022-35171 | - | 0.4% | When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the appli
CVE-2022-31592 | - | 0.4% | The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806, does no
CVE-2022-32245 | - | 0.4% | SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensi
CVE-2022-29614 | - | 0.4% | SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22
CVE-2022-39799 | MEDIUM | 0.4% | An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in refl
CVE-2020-6289 | MEDIUM | 0.4% | SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user i
CVE-2022-41215 | MEDIUM | 0.4% | SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL
CVE-2021-21482 | HIGH | 0.4% | SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to
CVE-2022-35294 | - | 0.4% | An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is t
CVE-2019-0402 | - | 0.4% | SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, lea
CVE-2021-42066 | - | 0.4% | SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypte
CVE-2022-29610 | - | 0.4% | SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result