SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.
Max CVSS
9.8
EPSS Score
0.10%
Published
2023-08-08
Updated
2023-08-09
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.
Max CVSS
9.6
EPSS Score
0.04%
Published
2023-11-14
Updated
2023-11-20
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.
Max CVSS
9.9
EPSS Score
0.09%
Published
2023-03-14
Updated
2023-04-11
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable.
Max CVSS
9.8
EPSS Score
0.23%
Published
2023-01-10
Updated
2023-01-13
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
Max CVSS
9.8
EPSS Score
0.34%
Published
2021-06-16
Updated
2022-10-06
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
Max CVSS
9.8
EPSS Score
0.50%
Published
2017-12-12
Updated
2017-12-22
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
Max CVSS
10.0
EPSS Score
0.32%
Published
2017-10-16
Updated
2019-10-03
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
Max CVSS
10.0
EPSS Score
0.83%
Published
2017-10-16
Updated
2019-10-03
The multi-tenant database container feature in SAP HANA does not properly encrypt communications, which allows remote attackers to bypass intended access restrictions and possibly have unspecified other impact via unknown vectors, aka SAP Security Note 2233550.
Max CVSS
9.8
EPSS Score
1.28%
Published
2016-08-05
Updated
2016-11-28
SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806.
Max CVSS
9.8
EPSS Score
5.86%
Published
2017-04-13
Updated
2017-04-20
SAP TREX 7.10 Revision 63 allows remote attackers to write to arbitrary files via vectors related to RFC-Gateway, aka SAP Security Note 2203591.
Max CVSS
9.8
EPSS Score
1.40%
Published
2016-08-05
Updated
2016-11-28
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
Max CVSS
9.8
EPSS Score
1.18%
Published
2021-08-09
Updated
2021-08-17
12 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!