SAP vulnerabilities

159 results
CVE-2018-2470: In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently enc [EPSS 1.0%]
CVE-2018-2431: SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in C [EPSS 1.0%]
CVE-2021-21316 (MEDIUM): Arbitrary code execution in less-openui5 [EPSS 1.0%]
CVE-2023-27269 (CRITICAL): Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform [EPSS 1.0%]
CVE-2023-27500 (CRITICAL): Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform [EPSS 1.0%]
CVE-2023-27501 (HIGH): Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform [EPSS 1.0%]
CVE-2018-2476: Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. [EPSS 1.0%]
CVE-2017-16681: Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user [EPSS 1.0%]
CVE-2017-16685: Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to ins [EPSS 1.0%]
CVE-2023-25616 (CRITICAL): Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC) [EPSS 0.9%]
CVE-2018-2497: The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax [EPSS 0.9%]
CVE-2023-25617 (CRITICAL): OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server) [EPSS 0.9%]
CVE-2018-2483: HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC [EPSS 0.9%]
CVE-2018-2489: Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. SAP Fiori Client v [EPSS 0.9%]
CVE-2017-16678: Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7. [EPSS 0.9%]
CVE-2017-16679: URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7 [EPSS 0.9%]
CVE-2018-2457: Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherw [EPSS 0.9%]
CVE-2022-41264 (HIGH): Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 7 [EPSS 0.9%]
CVE-2022-41267 (CRITICAL): SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Busin [EPSS 0.8%]
CVE-2018-2491: When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this [EPSS 0.8%]