Vulnerabilidades em SAP SE

778 resultados
Análise Vexday

Com 778 CVEs catalogadas, o portfólio da SAP SE apresenta uma taxa de exploração ativa 1,7 vez acima da média geral do catálogo CISA KEV, indicando que vulnerabilidades nessa plataforma atraem atenção proporcional de agentes de ameaça. O tipo de falha mais recorrente é CWE-119 (erros de manipulação de memória), um vetor historicamente associado a impacto elevado de execução de código. A CVE mais crítica em exploração ativa, CVE-2020-6287, — neste caso CVE-2020-6207 — registra EPSS de 0,9838, sinalizando probabilidade muito alta de exploração observada na prática e justificando priorização imediata de remediação. Além disso, 18 vulnerabilidades possuem PoC pública e 46 são de severidade crítica, ampliando a superfície de risco para organizações que ainda não aplicaram os patches correspondentes.

CVE-2022-41260MEDIUMSAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker tEPSS 0.4%CVE-2022-35298SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site ScriptingEPSS 0.4%CVE-2022-41208MEDIUMDue to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to aEPSS 0.4%CVE-2018-2425HIGHUnder certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherEPSS 0.4%CVE-2019-0357The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privilEPSS 0.4%CVE-2022-32246SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker whoEPSS 0.4%CVE-2019-0291Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.EPSS 0.4%CVE-2019-0256Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwiseEPSS 0.4%CVE-2022-41210MEDIUMSAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses insecure random number generator program which makes it easy for EPSS 0.4%CVE-2020-6228MEDIUMSAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain coEPSS 0.4%CVE-2022-41207MEDIUMSAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use EPSS 0.4%CVE-2022-41186Due to lack of proper memory management, when a victim opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) file received from uEPSS 0.4%CVE-2022-31597Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/SlovakEPSS 0.4%CVE-2022-39014Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attackEPSS 0.4%CVE-2022-41258MEDIUMDue to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious scripEPSS 0.4%CVE-2022-41185Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, MataiPersistence.dll) file received fEPSS 0.4%CVE-2020-6206MEDIUMSAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning massages. This could mEPSS 0.4%CVE-2018-2406MEDIUMUnquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, EPSS 0.4%CVE-2019-0284SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. EPSS 0.4%CVE-2020-6317LOWIn certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive informEPSS 0.4%