Latest Sap Vulnerabilities

CVE-2024-22125
Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)
Sap Gui Connector=1.0
CVE-2024-22124
Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager
SAP NetWeaver=kernel_7.22
SAP NetWeaver=kernel_7.53
SAP NetWeaver=kernel_7.54
SAP NetWeaver=krnl64nuc_7.22
SAP NetWeaver=krnl64nuc_7.22ext
SAP NetWeaver=krnl64uc_7.22ext
and 4 more
CVE-2024-21738
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform
SAP NetWeaver Application Server ABAP=79
SAP NetWeaver Application Server ABAP=700
SAP NetWeaver Application Server ABAP=701
SAP NetWeaver Application Server ABAP=702
SAP NetWeaver Application Server ABAP=731
SAP NetWeaver Application Server ABAP=740
and 10 more
CVE-2024-21737
Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
SAP Application Interface Framework=702
CVE-2024-21736
Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)
Sap S\/4hana Finance=107
Sap S\/4hana Finance=128
CVE-2024-21735
Improper Authorization check in SAP LT Replication Server
SAP LT Replication Server=s4core_103
SAP LT Replication Server=s4core_104
SAP LT Replication Server=s4core_105
SAP LT Replication Server=s4core_106
SAP LT Replication Server=s4core_107
SAP LT Replication Server=s4core_108
CVE-2024-21734
URL Redirection vulnerability in SAP Marketing (Contacts App)
SAP Marketing=160
CVE-2023-34064
Privilege Escalation Vulnerability
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 19 more
CVE-2023-35628
Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 10=21H2
Microsoft Windows 11=22H2
Microsoft Windows 10=21H2
Microsoft Windows 10
Microsoft Windows 10=22H2
and 65 more
CVE-2023-35641
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008
Microsoft Windows 11=21H2
Microsoft Windows Server 2008
Microsoft Windows 10=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 69 more
CVE-2023-36019
Microsoft Power Platform Connector Spoofing Vulnerability
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Azure Logic Apps<3.23113
Microsoft Power Platform<3.23113
Apple Webkit
Microsoft Power Platform
and 22 more
CVE-2023-35630
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows 10=1809
Microsoft Windows 10=1607
Microsoft Windows 10=1809
Microsoft Windows Server 2012
Microsoft Windows 11=22H2
and 70 more
CVE-2023-50423
Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)
pip/sap-xssec<4.1.0
Sap Sap-xssec<4.1.0
CVE-2023-6542
Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID
Sap Emarsys Sdk=3.6.2
CVE-2023-49587
Command Injection vulnerability in SAP Solution Manager
SAP Solution Manager=720
CVE-2023-49584
Client-Side Desynchronization vulnerability in SAP Fiori Launchpad
SAP Fiori Launchpad=200
SAP Fiori Launchpad=700
SAP Fiori Launchpad=750
SAP Fiori Launchpad=754
SAP Fiori Launchpad=755
SAP Fiori Launchpad=756
and 3 more
CVE-2023-50422
Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library)
<2.17.0
>=3.0.0<3.3.0
Sap Cloud-security-services-integration-library<2.17.0
Sap Cloud-security-services-integration-library>=3.0.0<3.3.0
maven/com.sap.cloud.security:spring-security>=3.0.0<3.3.0
maven/com.sap.cloud.security:spring-security<2.17.0
and 4 more
CVE-2023-49583
Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec)
Sap \@sap\/xssec<3.6.0
npm/@sap/xssec<3.6.0
CVE-2023-49581
SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
=700
=731
=740
=750
CVE-2023-49580
Information disclosure in SAP GUI for Windows and SAP GUI for Java
Sap Graphical User Interface=sap_basis_755
Sap Graphical User Interface=sap_basis_755
Sap Graphical User Interface=sap_basis_756
Sap Graphical User Interface=sap_basis_756
Sap Graphical User Interface=sap_basis_757
Sap Graphical User Interface=sap_basis_757
and 2 more
CVE-2023-49578
Denial of service (DOS) in SAP Cloud Connector
SAP Cloud Connector=2.0
CVE-2023-49577
Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution)
Sap Human Capital Management=s4hcmcie_100
Sap Human Capital Management=sap_hrcie_600
Sap Human Capital Management=sap_hrcie_604
Sap Human Capital Management=sap_hrcie_608
CVE-2023-49058
Directory Traversal vulnerability in SAP Master Data Governance
SAP Master Data Governance=731
SAP Master Data Governance=732
SAP Master Data Governance=746
SAP Master Data Governance=747
SAP Master Data Governance=748
SAP Master Data Governance=749
and 11 more
CVE-2023-42481
Improper Access Control vulnerability in SAP Commerce Cloud
SAP Commerce Cloud=8.1
CVE-2023-42479
Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct
SAP Biller Direct=635
SAP Biller Direct=750
CVE-2023-42478
Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform
SAP Business Objects Business Intelligence Platform=420
SAP Business Objects Business Intelligence Platform=430
CVE-2023-42476
Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence
SAP BusinessObjects Web Intelligence=420
CVE-2023-41678
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more
CVE-2023-33107
Integer Overflow or Wraparound in Graphics Linux
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 503 more
CVE-2023-33063
Use After Free in DSP Services
Qualcomm Multiple Chipsets
Google Android
Qualcomm 315 5g Iot Modem Firmware
Qualcomm 315 5g Iot Modem
Google Android
Qualcomm Apq8017
and 581 more
CVE-2023-33106
Use of Out-of-range Pointer Offset in Graphics
Qualcomm Multiple Chipsets
Google Android
Google Android
Qualcomm Ar8035
Qualcomm Csra6620 Firmware
Google Android
and 325 more
CVE-2023-42480
Information Disclosure in NetWeaver AS Java Logon
SAP NetWeaver Application Server Java=7.50
CVE-2023-41366
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP=kernel_7.22
SAP NetWeaver Application Server ABAP=kernel_7.53
SAP NetWeaver Application Server ABAP=kernel_7.54
SAP NetWeaver Application Server ABAP=kernel_7.77
SAP NetWeaver Application Server ABAP=kernel_7.85
SAP NetWeaver Application Server ABAP=kernel_7.89
and 9 more
CVE-2023-36920
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated a...
Sap Enable Now Enable Now Consump Del=1704
Sap Enable Now Wpb Manager=1.0
Sap Enable Now Wpb Manager Ce=10
Sap Enable Now Wpb Manager Hana=10
CVE-2023-42477
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integri...
SAP NetWeaver Application Server Java=7.50
CVE-2023-42475
The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.
Sap S\/4hana=102
Sap S\/4hana=103
Sap S\/4hana=104
Sap S\/4hana=105
Sap S\/4hana=106
Sap S\/4hana=128
CVE-2023-41365
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. A...
Sap Business One=10.0
CVE-2023-42474
SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an att...
SAP BusinessObjects Web Intelligence=420
CVE-2023-42473
S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confi...
Sap S\/4hana=106
CVE-2023-40310
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, w...
SAP PowerDesigner=16.7
CVE-2023-40307
An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. Thi...
Sap Privileges<1.5.4
CVE-2023-40625
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unint...
Sap S4core=102
Sap S4core=103
Sap S4core=104
Sap S4core=105
Sap S4core=106
Sap S4core=107
CVE-2023-40624
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaSc...
SAP NetWeaver Application Server ABAP=702
SAP NetWeaver Application Server ABAP=731
SAP NetWeaver Application Server ABAP=754
SAP NetWeaver Application Server ABAP=755
SAP NetWeaver Application Server ABAP=756
SAP NetWeaver Application Server ABAP=757
and 1 more
CVE-2023-40623
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On...
SAP BusinessObjects=420
SAP BusinessObjects=430
CVE-2023-40622
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise...
SAP BusinessObjects Business Intelligence=420
SAP BusinessObjects Business Intelligence=430
CVE-2023-40621
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on ...
SAP PowerDesigner=16.7
CVE-2023-40309
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depend...
SAP CommonCryptoLib=8.0.0
SAP Content Server=6.50
SAP Content Server=7.53
SAP Content Server=7.54
Sap Extended Application Services And Runtime=1.0
SAP HANA Database=2.0
and 41 more
CVE-2023-42472
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system ...
Sap Businessobjects Business Intelligence Platform=420
CVE-2023-41367
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. ...
SAP NetWeaver=7.50
CVE-2023-40308
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component ...
SAP CommonCryptoLib=8.0.0
SAP Content Server=6.50
SAP Content Server=7.53
SAP Content Server=7.54
Sap Extended Application Services And Runtime=1.0
SAP HANA Database=2.0
and 41 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203