Vulnerabilities in SAP
159 results

CVE-2023-0013 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform | EPSS 0.4%
CVE-2023-24529 | MEDIUM | Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75 | EPSS 0.4%
CVE-2023-23860 | MEDIUM | SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated atta | EPSS 0.4%
CVE-2023-23853 | MEDIUM | An unauthenticated attacker in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, | EPSS 0.3%
CVE-2023-24525 | MEDIUM | SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cro | EPSS 0.3%
CVE-2023-0015 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence) | EPSS 0.3%
CVE-2023-0025 | MEDIUM | SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an u | EPSS 0.3%
CVE-2023-23851 | MEDIUM | SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including w | EPSS 0.3%
CVE-2018-2440 | — | Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sen | EPSS 0.3%
CVE-2023-29109 | MEDIUM | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) | EPSS 0.3%
CVE-2023-29112 | LOW | Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring) | EPSS 0.3%
CVE-2023-29110 | LOW | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) | EPSS 0.3%
CVE-2018-2500 | — | Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information w | EPSS 0.3%
CVE-2023-23855 | MEDIUM | SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validatio | EPSS 0.3%
CVE-2022-41263 | MEDIUM | Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an | EPSS 0.2%
CVE-2023-0012 | MEDIUM | Local Privilege Escalation in SAP Host Agent (Windows) | EPSS 0.2%
CVE-2023-24523 | HIGH | An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7 | EPSS 0.2%
CVE-2023-29187 | MEDIUM | DLL Hijacking vulnerability in SapSetup (Software Installation Program) | EPSS 0.2%
CVE-2022-41261 | MEDIUM | SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensi | EPSS 0.2%