Vulnerabilidades em SAP SE
778 resultadosAnálise Vexday
Com 778 CVEs catalogadas, o portfólio da SAP SE apresenta uma taxa de exploração ativa 1,7 vez acima da média geral do catálogo CISA KEV, indicando que vulnerabilidades nessa plataforma atraem atenção proporcional de agentes de ameaça. O tipo de falha mais recorrente é CWE-119 (erros de manipulação de memória), um vetor historicamente associado a impacto elevado de execução de código. A CVE mais crítica em exploração ativa, CVE-2020-6287, — neste caso CVE-2020-6207 — registra EPSS de 0,9838, sinalizando probabilidade muito alta de exploração observada na prática e justificando priorização imediata de remediação. Além disso, 18 vulnerabilidades possuem PoC pública e 46 são de severidade crítica, ampliando a superfície de risco para organizações que ainda não aplicaram os patches correspondentes.
CVE-2021-27589MEDIUMWhen a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted sources in SAP 3D Visual Enterprise VieweEPSS 1.2%CVE-2021-27590MEDIUMWhen a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer EPSS 1.2%CVE-2021-27586MEDIUMWhen a user opens manipulated Interchange File Format (.IFF) format files received from untrusted sources in SAP 3D Visual Enterprise ViewerEPSS 1.2%CVE-2019-0282—Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be aEPSS 1.2%CVE-2020-6253HIGHUnder certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafteEPSS 1.2%CVE-2020-6236HIGHSAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change owEPSS 1.2%CVE-2021-38176CRITICALDue to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed inEPSS 1.2%CVE-2020-6374MEDIUMSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sourcEPSS 1.2%CVE-2020-6372MEDIUMSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crEPSS 1.2%CVE-2020-26817MEDIUMSAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in EPSS 1.2%CVE-2020-6373MEDIUMSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crEPSS 1.2%CVE-2020-6186HIGHSAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of theEPSS 1.2%CVE-2022-35295—In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.EPSS 1.2%CVE-2018-2370—Server Side Request Forgery (SSRF) vulnerability in SAP Central Management Console, BI Launchpad and Fiori BI Launchpad, 4.10, from 4.20, frEPSS 1.2%CVE-2022-27671—A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.EPSS 1.2%CVE-2021-37535CRITICALSAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authEPSS 1.2%CVE-2020-26826MEDIUMProcess Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including scripEPSS 1.2%CVE-2021-27625MEDIUMSAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing sEPSS 1.2%CVE-2021-27627MEDIUMSAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing sEPSS 1.2%CVE-2021-27624MEDIUMSAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing sEPSS 1.2%