Vulnerabilities in SAP SE
778 results

| CVE | Severity | Description | EPSS | KEV |
| --- | --- | --- | --- | --- |
| CVE-2020-6207 | CRITICAL | SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for | 98.4% | KEV |
| CVE-2022-22536 | CRITICAL | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher | 97.9% | KEV |
| CVE-2020-6287 | CRITICAL | SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an | 94.7% | KEV |
| CVE-2021-33690 | CRITICAL | Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service v | 67.7% | |
| CVE-2020-6308 | MEDIUM | SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arb | 61.7% | |
| CVE-2021-21480 | HIGH | SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can inte | 50.9% | |
| CVE-2018-2392 | — | Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropria | 40.6% | |
| CVE-2021-38163 | CRITICAL | SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administra | 37.1% | KEV |
| CVE-2021-21477 | CRITICAL | SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticat | 29.8% | |
| CVE-2018-2380 | MEDIUM | SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thu | 29.2% | KEV |
| CVE-2020-6286 | MEDIUM | The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions | 28.3% | |
| CVE-2021-42063 | — | A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW compo | 22.3% | |
| CVE-2018-2393 | — | Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropria | 18.2% | |
| CVE-2022-28213 | — | When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently vali | 12.1% | |
| CVE-2021-21479 | HIGH | In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity o | 8.7% | |
| CVE-2019-0344 | CRITICAL | Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, it is possi | 7.1% | KEV |
| CVE-2019-0285 | — | The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information includ | 6.6% | |
| CVE-2022-39802 | — | SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parame | 6.4% | |
| CVE-2020-6364 | CRITICAL | SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a co | 6.4% | |
| CVE-2020-6318 | CRITICAL | A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40). Becau | 5.6% | |