Vulnerabilidades en SAP SE

778 resultados
Análisis Vexday

Com 778 CVEs catalogadas, o portfólio da SAP SE apresenta uma taxa de exploração ativa 1,7 vez acima da média geral do catálogo CISA KEV, indicando que vulnerabilidades nessa plataforma atraem atenção proporcional de agentes de ameaça. O tipo de falha mais recorrente é CWE-119 (erros de manipulação de memória), um vetor historicamente associado a impacto elevado de execução de código. A CVE mais crítica em exploração ativa, CVE-2020-6287, — neste caso CVE-2020-6207 — registra EPSS de 0,9838, sinalizando probabilidade muito alta de exploração observada na prática e justificando priorização imediata de remediação. Além disso, 18 vulnerabilidades possuem PoC pública e 46 são de severidade crítica, ampliando a superfície de risco para organizações que ainda não aplicaram os patches correspondentes.

CVE-2020-6222MEDIUMSAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-EPSS 0.7%CVE-2021-21491MEDIUMSAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow EPSS 0.7%CVE-2022-29613Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee numbEPSS 0.7%CVE-2020-6376MEDIUMSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sEPSS 0.7%CVE-2020-6375MEDIUMSAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from uEPSS 0.7%CVE-2021-33667MEDIUMUnder certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source EPSS 0.7%CVE-2020-6288MEDIUMSAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to uploadEPSS 0.7%CVE-2020-6223MEDIUMThe open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pageEPSS 0.7%CVE-2020-6211MEDIUMSAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious sitEPSS 0.7%CVE-2020-6216MEDIUMSAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resultEPSS 0.7%CVE-2018-2388Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.EPSS 0.7%CVE-2020-6217MEDIUMSAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not EPSS 0.7%CVE-2018-2383Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.EPSS 0.7%CVE-2020-6212MEDIUMEgypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLOEPSS 0.7%CVE-2020-6276MEDIUMSAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting EPSS 0.7%CVE-2020-6246MEDIUMSAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, EPSS 0.7%CVE-2020-6305MEDIUMPI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputEPSS 0.7%CVE-2020-6229MEDIUMSAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75AEPSS 0.7%CVE-2020-6254MEDIUMSAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payloaEPSS 0.7%CVE-2020-6210MEDIUMSAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the EPSS 0.7%