Vulnerabilidades em SAP SE
778 resultadosAnálise Vexday
Com 778 CVEs catalogadas, o portfólio da SAP SE apresenta uma taxa de exploração ativa 1,7 vez acima da média geral do catálogo CISA KEV, indicando que vulnerabilidades nessa plataforma atraem atenção proporcional de agentes de ameaça. O tipo de falha mais recorrente é CWE-119 (erros de manipulação de memória), um vetor historicamente associado a impacto elevado de execução de código. A CVE mais crítica em exploração ativa, CVE-2020-6287, — neste caso CVE-2020-6207 — registra EPSS de 0,9838, sinalizando probabilidade muito alta de exploração observada na prática e justificando priorização imediata de remediação. Além disso, 18 vulnerabilidades possuem PoC pública e 46 são de severidade crítica, ampliando a superfície de risco para organizações que ainda não aplicaram os patches correspondentes.
CVE-2022-22541—SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see EPSS 0.8%CVE-2021-33681MEDIUMSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out ofEPSS 0.8%CVE-2022-41204HIGHAn attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They caEPSS 0.8%CVE-2021-33675MEDIUMUnder certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to EPSS 0.8%CVE-2019-0244—SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-contrEPSS 0.8%CVE-2019-0245—SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-contrEPSS 0.8%CVE-2021-21486MEDIUMSAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessaryEPSS 0.8%CVE-2022-35296—Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive iEPSS 0.8%CVE-2022-39015—Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted.EPSS 0.8%CVE-2022-41214HIGHDue to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges EPSS 0.7%CVE-2020-6205MEDIUMSAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7EPSS 0.7%CVE-2022-35168—Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendeEPSS 0.7%CVE-2020-6233MEDIUMSAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated usEPSS 0.7%CVE-2021-33674MEDIUMUnder certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to EPSS 0.7%CVE-2022-26103—Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which couldEPSS 0.7%CVE-2019-0386—Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected inEPSS 0.7%CVE-2021-38174MEDIUMWhen a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes EPSS 0.7%CVE-2021-40501—SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business usEPSS 0.7%CVE-2019-0374—SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encEPSS 0.7%CVE-2019-0395—SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text moduleEPSS 0.7%