Vulnerabilities in SAP SE

778 results
Vexday Analysis

With 778 catalogued CVEs, the SAP SE portfolio shows an active-exploitation rate 1.7 times the overall average of the CISA KEV catalog, indicating that vulnerabilities in this platform draw a correspondingly high level of attention from threat actors. The most frequent weakness type is CWE-119 (improper restriction of operations within the bounds of a memory buffer), a class historically associated with high-impact code execution. The most critical CVE under active exploitation, CVE-2020-6287 (also cited here as CVE-2020-6207), carries an EPSS score of 0.9838, signalling a very high probability of exploitation observed in the wild and justifying immediate remediation. In addition, 18 vulnerabilities have a public PoC and 46 are rated critical, widening the risk surface for organisations that have not yet applied the corresponding patches.
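The paragraph above prioritises on three signals: CISA KEV membership, EPSS, and public PoC availability, with CVSS severity as a tie-breaker. The following Python is an added example of turning those signals into a remediation queue; it is not Vexday's scoring and the tier thresholds (KEV or EPSS >= 0.5 is P1, PoC or CRITICAL is P2, HIGH or EPSS >= 0.05 is P3) are assumptions. The sample records are constructed from the figures this page lists; severity and PoC flags for the listed CVEs are only those the page shows.

```python
from dataclasses import dataclass

# Ordinal rank for CVSS severity labels; "UNKNOWN" covers entries the page lists without a severity.
SEVERITY_RANK = {"CRITICAL": 3, "HIGH": 2, "MEDIUM": 1, "LOW": 0, "UNKNOWN": 1}
TIER_ORDER = {"P1": 0, "P2": 1, "P3": 2, "P4": 3}


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    severity: str     # CRITICAL / HIGH / MEDIUM / LOW / UNKNOWN
    epss: float       # probability in [0, 1]
    in_kev: bool      # listed in CISA Known Exploited Vulnerabilities
    public_poc: bool  # a public proof-of-concept exists


def parse_epss(text: str) -> float:
    """Accept EPSS as the page prints it: '0.3%' or a bare probability '0.9838'."""
    text = text.strip()
    if text.endswith("%"):
        return float(text[:-1]) / 100.0
    value = float(text)
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"EPSS out of range: {text}")
    return value


def triage_tier(rec: CveRecord) -> str:
    """Hypothetical tiering scheme (an assumption of this example, not a Vexday rule):
    P1: confirmed in-the-wild exploitation (KEV) or EPSS >= 0.5
    P2: public PoC, or CRITICAL severity without the above
    P3: HIGH severity, or EPSS >= 0.05
    P4: everything else
    """
    if rec.in_kev or rec.epss >= 0.5:
        return "P1"
    if rec.public_poc or rec.severity == "CRITICAL":
        return "P2"
    if rec.severity == "HIGH" or rec.epss >= 0.05:
        return "P3"
    return "P4"


def prioritize(records: list[CveRecord]) -> list[tuple[str, str]]:
    """Return (cve_id, tier) pairs ordered for remediation: tier first,
    then descending EPSS, then descending severity, then CVE id for stability."""
    ordered = sorted(
        records,
        key=lambda r: (
            TIER_ORDER[triage_tier(r)],
            -r.epss,
            -SEVERITY_RANK.get(r.severity, 1),
            r.cve_id,
        ),
    )
    return [(r.cve_id, triage_tier(r)) for r in ordered]


# Constructed sample, using only values shown on this page.
SAMPLE = [
    CveRecord("CVE-2020-6287", "CRITICAL", parse_epss("0.9838"), in_kev=True, public_poc=True),
    CveRecord("CVE-2021-27613", "HIGH", parse_epss("0.3%"), in_kev=False, public_poc=False),
    CveRecord("CVE-2021-33662", "MEDIUM", parse_epss("0.3%"), in_kev=False, public_poc=False),
    CveRecord("CVE-2022-31591", "UNKNOWN", parse_epss("0.2%"), in_kev=False, public_poc=False),
    CveRecord("CVE-2021-21470", "LOW", parse_epss("0.2%"), in_kev=False, public_poc=False),
]

if __name__ == "__main__":
    for cve_id, tier in prioritize(SAMPLE):
        print(f"{tier}  {cve_id}")
```

Severity alone would rank the two HIGH and MEDIUM entries close together; folding in KEV and EPSS is what pushes the single actively exploited CVE to the top of the queue regardless of the remaining 0.2-0.3% entries, which is the point the analysis makes.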

CVE | Severity | EPSS | Description (as listed on the page; entries cut off on the page end with "…")

CVE-2021-33662 | MEDIUM | EPSS 0.3% | Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing …
CVE-2021-27637 | MEDIUM | EPSS 0.3% | Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access infor…
CVE-2021-27613 | HIGH | EPSS 0.3% | Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to …
CVE-2021-27614 | HIGH | EPSS 0.3% | SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an atta…
CVE-2020-26807 | MEDIUM | EPSS 0.3% | SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder wh…
CVE-2022-31591 | (not listed) | EPSS 0.2% | SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gai…
CVE-2022-29615 | (not listed) | EPSS 0.2% | SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The ap…
CVE-2022-31590 | (not listed) | EPSS 0.2% | SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system'…
CVE-2022-41169 | (not listed) | EPSS 0.2% | Due to lack of proper memory management, when a victim opens manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untr…
CVE-2022-41171 | (not listed) | EPSS 0.2% | Due to lack of proper memory management, when a victim opens manipulated CATIA4 Part (.model, CatiaTranslator.exe) file received from untrus…
CVE-2022-41166 | (not listed) | EPSS 0.2% | Due to lack of proper memory management, when a victim opens manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untru…
CVE-2022-41173 | (not listed) | EPSS 0.2% | Due to lack of proper memory management, when a victim opens manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted s…
CVE-2022-41178 | (not listed) | EPSS 0.2% | Due to lack of proper memory management, when a victim opens manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file re…
CVE-2022-41182 | (not listed) | EPSS 0.2% | Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file rece…
CVE-2021-44234 | (not listed) | EPSS 0.2% | SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker…
CVE-2021-21470 | LOW | EPSS 0.2% | SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attac…
CVE-2022-31594 | (not listed) | EPSS 0.2% | A highly privileged user can exploit a SUID-root program to escalate his privileges to root on a local Unix system.
CVE-2021-27608 | HIGH | EPSS 0.2% | An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed wh…
CVE-2022-41197 | (not listed) | EPSS 0.2% | Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources…
CVE-2021-33669 | HIGH | EPSS 0.2% | Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file sto…