Vulnerabilities in SAP
159 results

CVE | Severity | Description | EPSS
CVE-2022-41268 | HIGH | In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200 | 0.6%
CVE-2023-29185 | MEDIUM | Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages) | 0.6%
CVE-2023-27271 | MEDIUM | Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform | 0.6%
CVE-2022-41271 | CRITICAL | An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (P | 0.6%
CVE-2022-41274 | MEDIUM | SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read se | 0.6%
CVE-2023-26458 | MEDIUM | Information Disclosure vulnerability in SAP Landscape Management | 0.6%
CVE-2023-24530 | HIGH | SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code th | 0.6%
CVE-2018-2503 | — | By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This | 0.6%
CVE-2018-2434 | — | A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which migh | 0.6%
CVE-2023-25615 | MEDIUM | SQL Injection vulnerability in SAP ABAP Platform | 0.5%
CVE-2023-27498 | HIGH | Memory Corruption vulnerability in SAP Host Agent (SAPOSCOL) | 0.5%
CVE-2023-23857 | CRITICAL | Improper Access Control in SAP NetWeaver AS for Java | 0.5%
CVE-2023-0018 | CRITICAL | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console) | 0.5%
CVE-2023-24524 | MEDIUM | SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in | 0.5%
CVE-2023-27896 | MEDIUM | Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platform | 0.5%
CVE-2023-26461 | MEDIUM | XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal) | 0.5%
CVE-2023-0023 | MEDIUM | Information Disclosure in SAP Bank Account Management (Manage Banks) | 0.5%
CVE-2023-24528 | MEDIUM | SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain m | 0.5%
CVE-2023-26460 | MEDIUM | Improper Access Control in SAP NetWeaver AS Java (Cache Management Service) | 0.5%
CVE-2022-41273 | MEDIUM | Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to | 0.5%