Vulnerabilities in SAP SE

778 results
Vexday Analysis

With 778 cataloged CVEs, the SAP SE portfolio shows an active exploitation rate 1.7 times above the overall average of the CISA KEV catalog, indicating that vulnerabilities in this platform attract proportional attention from threat actors. The most frequent weakness type is CWE-119 (memory handling errors), a vector historically associated with high-impact code execution. The most critical CVE under active exploitation, CVE-2020-6287 (in this case CVE-2020-6207), has an EPSS of 0.9838, signaling a very high probability of exploitation observed in practice and justifying immediate remediation priority. In addition, 18 vulnerabilities have a public PoC and 46 are of critical severity, widening the risk surface for organizations that have not yet applied the corresponding patches.

CVE-2020-6316 [MEDIUM]: SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leadi (EPSS 0.8%)
CVE-2020-6302 [MEDIUM]: SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. A (EPSS 0.8%)
CVE-2019-0379: SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default sec (EPSS 0.8%)
CVE-2020-6270 [MEDIUM]: SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary autho (EPSS 0.8%)
CVE-2022-28216: SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unaut (EPSS 0.8%)
CVE-2021-44233: SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user (EPSS 0.8%)
CVE-2021-40502: SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, result (EPSS 0.8%)
CVE-2019-0311: Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, 616, 617) does not sufficiently encode u (EPSS 0.8%)
CVE-2019-0303: SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting (EPSS 0.8%)
CVE-2020-6315 [MEDIUM]: SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of (EPSS 0.8%)
CVE-2020-6209 [HIGH]: SAP Disclosure Management, version 10.1, does not perform necessary authorization checks for an authenticated user, allowing access to admin (EPSS 0.8%)
CVE-2019-0275: SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, (EPSS 0.8%)
CVE-2021-27604 [HIGH]: In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Servi (EPSS 0.8%)
CVE-2019-0325: SAP ERP HCM (SAP_HRCES), version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a (EPSS 0.8%)
CVE-2021-38175 [MEDIUM]: SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather (EPSS 0.8%)
CVE-2022-28215: SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious si (EPSS 0.8%)
CVE-2020-6269 [MEDIUM]: Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which wo (EPSS 0.8%)
CVE-2019-0314: SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from access (EPSS 0.8%)
CVE-2022-28770: Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a (EPSS 0.8%)
CVE-2022-29617: Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application (EPSS 0.8%)