Vulnerabilities in SAP SE

778 results
Vexday analysis

With 778 catalogued CVEs, the SAP SE portfolio shows an active-exploitation rate 1.7 times above the overall average of the CISA KEV catalog, indicating that vulnerabilities in this platform attract a proportional amount of attention from threat actors. The most recurrent flaw type is CWE-119 (memory-handling errors), a vector historically associated with high-impact code execution. The most critical CVE under active exploitation, CVE-2020-6287 (in this case, CVE-2020-6207), records an EPSS of 0.9838, signalling a very high probability of exploitation observed in practice and justifying immediate prioritization of remediation. In addition, 18 vulnerabilities have a public PoC and 46 are of critical severity, widening the risk surface for organizations that have not yet applied the corresponding patches.

CVE-2021-37532 | MEDIUM | EPSS 0.8% | SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the conte
CVE-2022-24397 | (not listed) | EPSS 0.8% | SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflect
CVE-2020-6267 | MEDIUM | EPSS 0.8% | Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only
CVE-2020-6281 | MEDIUM | EPSS 0.8% | SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, result
CVE-2021-21467 | MEDIUM | EPSS 0.8% | SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalatio
CVE-2020-6251 | MEDIUM | EPSS 0.8% | Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access i
CVE-2020-6201 | MEDIUM | EPSS 0.8% | The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, 1905, does not sufficiently encode user-controlled inputs, due to whic
CVE-2020-6213 | MEDIUM | EPSS 0.8% | SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754,
CVE-2020-26828 | MEDIUM | EPSS 0.8% | SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type.
CVE-2020-6260 | MEDIUM | EPSS 0.8% | SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application,
CVE-2020-6261 | MEDIUM | EPSS 0.8% | SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XM
CVE-2020-6181 | MEDIUM | EPSS 0.8% | Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_
CVE-2022-32249 | (not listed) | EPSS 0.8% | Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to ga
CVE-2020-6259 | MEDIUM | EPSS 0.8% | Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise
CVE-2021-33686 | MEDIUM | EPSS 0.8% | Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive informa
CVE-2021-38179 | (not listed) | EPSS 0.8% | Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents
CVE-2022-24398 | (not listed) | EPSS 0.8% | Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access
CVE-2021-21487 | MEDIUM | EPSS 0.8% | SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privil
CVE-2021-33663 | MEDIUM | EPSS 0.8% | SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.2
CVE-2022-41212 | MEDIUM | EPSS 0.8% | Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges