CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SAP : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6814 20 +Info 2013-11-20 2018-12-10
5.8
None Remote Medium Not required Partial Partial None
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
2 CVE-2014-4159 2014-06-13 2016-12-16
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
3 CVE-2017-16679 601 2017-12-12 2018-01-04
5.8
None Remote Medium Not required Partial Partial None
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
4 CVE-2017-16691 20 2017-12-12 2018-01-04
5.8
None Remote Medium Not required None Partial Partial
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.
5 CVE-2018-2476 601 2018-11-13 2018-12-13
5.8
None Remote Medium Not required Partial Partial None
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
6 CVE-2019-0289 2019-05-14 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
7 CVE-2020-6211 601 2020-04-14 2020-04-15
5.8
None Remote Medium Not required Partial Partial None
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
8 CVE-2020-6215 601 2020-04-14 2020-04-15
5.8
None Remote Medium Not required Partial Partial None
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
9 CVE-2020-6223 601 2020-04-14 2020-04-15
5.8
None Remote Medium Not required Partial Partial None
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.
10 CVE-2020-6267 732 2020-07-14 2020-07-23
5.8
None Remote Medium Not required Partial Partial None
Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag.
11 CVE-2020-6365 601 2020-10-15 2021-04-12
5.8
None Remote Medium Not required Partial Partial None
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.
12 CVE-2020-26836 601 2020-12-09 2021-06-17
5.8
None Remote Medium Not required Partial Partial None
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.
13 CVE-2021-21444 1021 2021-02-09 2021-02-16
5.8
None Remote Medium Not required Partial Partial None
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack.
14 CVE-2021-21476 601 2021-02-09 2021-04-01
5.8
None Remote Medium Not required Partial Partial None
SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
15 CVE-2021-21478 601 2021-02-09 2021-02-16
5.8
None Remote Medium Not required Partial Partial None
SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
16 CVE-2021-21491 601 2021-03-10 2021-03-17
5.8
None Remote Medium Not required Partial Partial None
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
17 CVE-2021-27612 601 2021-05-11 2021-06-29
5.8
None Remote Medium Not required Partial Partial None
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
18 CVE-2021-33697 269 2021-09-15 2021-09-28
5.8
None Remote Medium Not required Partial Partial None
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
19 CVE-2021-33705 918 2021-09-15 2021-09-28
5.8
None Remote Medium Not required Partial Partial None
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can result in the accessing or modification of data accessible from the Portal but will not affect its availability.
20 CVE-2021-33707 601 2021-08-10 2021-08-17
5.8
None Remote Medium Not required Partial Partial None
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity.
21 CVE-2017-16349 611 DoS 2018-08-02 2018-10-05
5.5
None Remote Low ??? Partial None Partial
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.
22 CVE-2018-2375 2018-02-14 2020-08-24
5.5
None Remote Low ??? Partial Partial None
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
23 CVE-2018-2376 2018-02-14 2020-08-24
5.5
None Remote Low ??? Partial Partial None
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space.
24 CVE-2018-2416 20 2018-05-09 2019-03-14
5.5
None Remote Low ??? Partial None Partial
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source.
25 CVE-2018-2419 862 2018-05-09 2019-10-09
5.5
None Remote Low ??? Partial Partial None
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
26 CVE-2018-2441 2018-08-14 2020-08-24
5.5
None Remote Low ??? Partial Partial None
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.
27 CVE-2018-2445 918 2018-08-14 2018-10-15
5.5
None Remote Low ??? Partial Partial None
AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability.
28 CVE-2018-2492 611 2018-12-11 2021-04-20
5.5
None Remote Low ??? None Partial Partial
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50.
29 CVE-2019-0255 20 2019-02-15 2019-02-22
5.5
None Remote Low ??? Partial Partial None
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.
30 CVE-2019-0268 91 2019-03-12 2019-03-13
5.5
None Remote Low ??? Partial None Partial
SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.
31 CVE-2019-0277 611 2019-03-12 2019-03-13
5.5
None Remote Low ??? Partial None Partial
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
32 CVE-2019-0283 290 2019-04-10 2020-08-24
5.5
None Remote Low ??? Partial Partial None
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document.
33 CVE-2019-0340 611 2019-08-14 2020-08-24
5.5
None Remote Low ??? Partial Partial None
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files.
34 CVE-2019-0363 2019-09-10 2020-08-24
5.5
None Remote Low ??? Partial None Partial
Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.
35 CVE-2019-0396 20 2019-11-13 2019-11-15
5.5
None Remote Low ??? Partial None Partial
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows.
36 CVE-2020-6178 613 2020-03-10 2021-07-21
5.5
None Remote Low ??? Partial Partial None
SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure.
37 CVE-2020-6199 862 2020-03-10 2020-03-12
5.5
None Remote Low ??? Partial Partial None
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.
38 CVE-2020-6212 862 2020-04-24 2020-05-08
5.5
None Remote Low ??? Partial Partial None
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.
39 CVE-2020-6268 862 2020-06-10 2020-06-16
5.5
None Remote Low ??? Partial Partial None
Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.
40 CVE-2020-6271 91 2020-06-10 2020-06-16
5.5
None Remote Low ??? Partial None Partial
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent).
41 CVE-2020-6298 862 2020-08-12 2020-08-14
5.5
None Remote Low ??? Partial Partial None
SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check.
42 CVE-2020-6301 862 2020-08-12 2020-08-13
5.5
None Remote Low ??? Partial Partial None
SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.
43 CVE-2020-6320 863 2020-09-09 2021-07-21
5.5
None Remote Low ??? Partial Partial None
SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.
44 CVE-2020-6366 20 2020-10-20 2020-10-22
5.5
None Remote Low ??? Partial None Partial
SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service.
45 CVE-2020-26828 434 2020-12-09 2020-12-11
5.5
None Remote Low ??? Partial Partial None
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet
46 CVE-2020-26830 862 2020-12-09 2021-06-17
5.5
None Remote Low ??? Partial Partial None
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script.
47 CVE-2020-26831 2020-12-09 2020-12-10
5.5
None Remote Low ??? Partial None Partial
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).
48 CVE-2020-26834 287 2020-12-09 2020-12-10
5.5
None Remote Low ??? Partial Partial None
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.
49 CVE-2021-21474 347 2021-02-09 2021-02-16
5.5
None Remote Low ??? Partial Partial None
SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.
50 CVE-2021-27635 611 2021-06-09 2021-11-04
5.5
None Remote Low ??? Partial None Partial
SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. The attack cannot be used to change any data so that there is no compromise as to integrity.
Total number of vulnerabilities : 264   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.