Vulnerabilities in SAP SE

778 results
Vexday Analysis

With 778 CVEs catalogued, the SAP SE portfolio has an active exploitation rate 1.7 times above the overall average of the CISA KEV catalog, indicating that vulnerabilities in this platform attract proportional attention from threat actors. The most recurrent flaw type is CWE-119 (memory handling errors), a vector historically associated with high-impact code execution. The most critical CVE under active exploitation, CVE-2020-6287 (in this case CVE-2020-6207), has an EPSS of 0.9838, signalling a very high probability of exploitation observed in practice and justifying immediate prioritization of remediation. In addition, 18 vulnerabilities have a public PoC and 46 are of critical severity, widening the risk surface for organizations that have not yet applied the corresponding patches.

CVE-2022-41180: Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received (EPSS 0.3%)
CVE-2022-39808: Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from unt (EPSS 0.3%)
CVE-2020-6297 [MEDIUM]: Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential (EPSS 0.3%)
CVE-2020-6245 [MEDIUM]: SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code t (EPSS 0.3%)
CVE-2020-6199 [MEDIUM]: The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Ce (EPSS 0.3%)
CVE-2023-40306 [MEDIUM]: URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) (EPSS 0.3%)
CVE-2020-6244 [HIGH]: SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in (EPSS 0.3%)
CVE-2020-6239 [MEDIUM]: Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM use (EPSS 0.3%)
CVE-2022-41211 [HIGH]: Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Au (EPSS 0.3%)
CVE-2022-22528: SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform (EPSS 0.3%)
CVE-2023-36920 [MEDIUM]: Clickjacking vulnerability in SAP Enable Now (EPSS 0.3%)
CVE-2019-0381: A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, (EPSS 0.3%)
CVE-2022-41188: Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untru (EPSS 0.3%)
CVE-2022-41192: Due to lack of proper memory management, when a victim opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untruste (EPSS 0.3%)
CVE-2019-0353: Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access informati (EPSS 0.3%)
CVE-2021-44235: Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 (EPSS 0.3%)
CVE-2021-21448 [MEDIUM]: SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client (EPSS 0.3%)
CVE-2020-6295 [HIGH]: Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential (EPSS 0.3%)
CVE-2021-27611 [HIGH]: SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP re (EPSS 0.3%)
CVE-2021-27616 [HIGH]: Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One f (EPSS 0.3%)