Vulnerabilities in SAP SE

778 results
Vexday Analysis

With 778 CVEs catalogued, the SAP SE portfolio shows an active exploitation rate 1.7 times above the overall average of the CISA KEV catalog, indicating that vulnerabilities in this platform attract proportional attention from threat actors. The most recurrent flaw type is CWE-119 (memory handling errors), a vector historically associated with high-impact code execution. The most critical CVE under active exploitation, CVE-2020-6287, in this case CVE-2020-6207, records an EPSS of 0.9838, signalling a very high probability of exploitation observed in practice and justifying immediate remediation priority. In addition, 18 vulnerabilities have a public PoC and 46 are of critical severity, widening the risk surface for organizations that have not yet applied the corresponding patches.

CVE-2021-21488 (MEDIUM, EPSS 1.3%): Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controll

CVE-2021-44231 (EPSS 1.3%): Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby

CVE-2020-6304 (MEDIUM, EPSS 1.3%): Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22

CVE-2020-26823 (CRITICAL, EPSS 1.3%): SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorizat

CVE-2020-26824 (CRITICAL, EPSS 1.3%): SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorizat

CVE-2020-26822 (CRITICAL, EPSS 1.3%): SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorizat

CVE-2022-27667 (EPSS 1.3%): Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attac

CVE-2022-22544 (EPSS 1.3%): Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics

CVE-2019-0247 (EPSS 1.3%): SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could the

CVE-2018-2381 (EPSS 1.3%): SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00,

CVE-2020-6219 (CRITICAL, EPSS 1.3%): SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2

CVE-2021-40500 (EPSS 1.3%): SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit miss

CVE-2018-2409 (MEDIUM, EPSS 1.3%): Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of

CVE-2021-38178 (EPSS 1.3%): The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 7

CVE-2019-0349 (EPSS 1.2%): SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT,

CVE-2021-33699 (HIGH, EPSS 1.2%): Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifes

CVE-2018-2361 (EPSS 1.2%): In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than

CVE-2021-21473 (MEDIUM, EPSS 1.2%): SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function modul

CVE-2021-27588 (MEDIUM, EPSS 1.2%): When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the applicatio

CVE-2021-27589 (MEDIUM, EPSS 1.2%): When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise Viewe