Vulnerabilities in SAP SE

778 results
Vexday analysis

With 778 catalogued CVEs, the SAP SE portfolio shows an active-exploitation rate 1.7 times the overall average of the CISA KEV catalog, indicating that vulnerabilities in this platform attract a proportional amount of attention from threat actors. The most recurrent flaw type is CWE-119 (memory-handling errors), a vector historically associated with high-impact code execution. The most critical CVE under active exploitation, CVE-2020-6287, in this case CVE-2020-6207, registers an EPSS of 0.9838, signalling a very high probability of exploitation observed in practice and justifying immediate prioritisation of remediation. In addition, 18 vulnerabilities have a public PoC and 46 are of critical severity, widening the risk surface for organisations that have not yet applied the corresponding patches.

CVE-2022-35290 | HIGH | Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. | EPSS 0.7%
CVE-2020-6221 | MEDIUM | Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user… | EPSS 0.6%
CVE-2019-0361 | SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently… | EPSS 0.6%
CVE-2020-6226 | MEDIUM | SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-contro… | EPSS 0.6%
CVE-2020-6326 | MEDIUM | SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, whe… | EPSS 0.6%
CVE-2020-6231 | MEDIUM | SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-contro… | EPSS 0.6%
CVE-2020-6214 | MEDIUM | SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected repor… | EPSS 0.6%
CVE-2020-26825 | MEDIUM | SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad… | EPSS 0.6%
CVE-2020-6323 | SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and… | EPSS 0.6%
CVE-2021-21445 | MEDIUM | SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to include invalidated data in the HTTP respon… | EPSS 0.6%
CVE-2021-27598 | MEDIUM | SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data l… | EPSS 0.6%
CVE-2020-6291 | MEDIUM | SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authent… | EPSS 0.6%
CVE-2019-0316 | SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently valida… | EPSS 0.6%
CVE-2021-33688 | SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to fra… | EPSS 0.6%
CVE-2021-42067 | In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker… | EPSS 0.6%
CVE-2020-6195 | MEDIUM | SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Informatio… | EPSS 0.6%
CVE-2020-6256 | MEDIUM | SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details with… | EPSS 0.6%
CVE-2020-6204 | MEDIUM | The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618… | EPSS 0.6%
CVE-2022-35293 | CRITICAL | Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploi… | EPSS 0.6%
CVE-2019-0283 | SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signatu… | EPSS 0.6%