Vulnerabilidades en SAP SE
778 resultadosAnálisis Vexday
Com 778 CVEs catalogadas, o portfólio da SAP SE apresenta uma taxa de exploração ativa 1,7 vez acima da média geral do catálogo CISA KEV, indicando que vulnerabilidades nessa plataforma atraem atenção proporcional de agentes de ameaça. O tipo de falha mais recorrente é CWE-119 (erros de manipulação de memória), um vetor historicamente associado a impacto elevado de execução de código. A CVE mais crítica em exploração ativa, CVE-2020-6287, — neste caso CVE-2020-6207 — registra EPSS de 0,9838, sinalizando probabilidade muito alta de exploração observada na prática e justificando priorização imediata de remediação. Além disso, 18 vulnerabilidades possuem PoC pública e 46 são de severidade crítica, ampliando a superfície de risco para organizações que ainda não aplicaram os patches correspondentes.
CVE-2021-40499—Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, EPSS 1.1%CVE-2021-33677MEDIUMSAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead EPSS 1.1%CVE-2020-26810HIGHSAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted reqEPSS 1.1%CVE-2022-26100—SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and thEPSS 1.1%CVE-2019-0331—Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, allows an attacker to aEPSS 1.1%CVE-2019-0383—Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0,EPSS 1.1%CVE-2019-0338—During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attributes cache-control and pragma were not propEPSS 1.1%CVE-2020-6225CRITICALSAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does EPSS 1.1%CVE-2020-6285HIGHSAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an atEPSS 1.1%CVE-2019-0405—SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of useEPSS 1.1%CVE-2019-0404—SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information DiscEPSS 1.1%CVE-2021-42064—If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP CEPSS 1.1%CVE-2020-6224MEDIUMSAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges toEPSS 1.1%CVE-2019-0352—In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leEPSS 1.1%CVE-2019-0289—Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker toEPSS 1.1%CVE-2020-6365MEDIUMSAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirectEPSS 1.1%CVE-2019-0350—SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver EPSS 1.1%CVE-2022-27655—When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version EPSS 1.1%CVE-2022-27654—When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - versiEPSS 1.1%CVE-2021-33668MEDIUMDue to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact tEPSS 1.1%