Vulnerabilities in SAP SE

778 results
CVE-2022-27668
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute
EPSS 2.0%

CVE-2021-33701 (CRITICAL)
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1
EPSS 2.0%

CVE-2021-27602 (CRITICAL)
SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which a
EPSS 2.0%

CVE-2021-33705 (HIGH)
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forger
EPSS 2.0%

CVE-2021-38180
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitati
EPSS 2.0%

CVE-2018-2367
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit
EPSS 2.0%

CVE-2018-2422 (MEDIUM)
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessi
EPSS 2.0%

CVE-2019-0241
SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, eith
EPSS 2.0%

CVE-2019-0240
SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI lin
EPSS 2.0%

CVE-2021-33707 (MEDIUM)
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL st
EPSS 2.0%

CVE-2018-2404 (MEDIUM)
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation.
EPSS 2.0%

CVE-2021-21475 (MEDIUM)
Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient va
EPSS 1.9%

CVE-2021-21468 (MEDIUM)
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges t
EPSS 1.9%

CVE-2020-6248 (CRITICAL)
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user whi
EPSS 1.9%

CVE-2020-26837 (HIGH)
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exp
EPSS 1.9%

CVE-2020-6203 (CRITICAL)
SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficien
EPSS 1.9%

CVE-2018-2418 (MEDIUM)
SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an attacker to inject code that can be executed by the application. An attacker
EPSS 1.8%

CVE-2020-6309 (HIGH)
SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform an
EPSS 1.8%

CVE-2020-6284 (CRITICAL)
SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file d
EPSS 1.8%

CVE-2019-0276
Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate aut
EPSS 1.8%