Vulnerabilities in SAP
159 results

CVE-2023-29186 | HIGH | Directory/Path Traversal vulnerability in SAP NetWeaver. | EPSS 23.0%
CVE-2023-0017 | CRITICAL | Improper access control in SAP NetWeaver AS for Java | EPSS 15.7%
CVE-2023-28765 | CRITICAL | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management) | EPSS 14.9%
CVE-2023-27267 | CRITICAL | Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge) | EPSS 14.2%
CVE-2018-2437 | — | The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions wh | EPSS 3.3%
CVE-2018-2465 | — | SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, | EPSS 2.6%
CVE-2017-16684 | — | SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for func | EPSS 2.5%
CVE-2018-2438 | — | The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacke | EPSS 2.0%
CVE-2018-2482 | — | SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitima | EPSS 2.0%
CVE-2018-2478 | — | An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, | EPSS 1.8%
CVE-2018-2446 | — | Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (se | EPSS 1.7%
CVE-2018-2477 | — | Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted | EPSS 1.7%
CVE-2018-2427 | — | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 20 | EPSS 1.7%
CVE-2018-2468 | — | Under certain conditions the backup server in SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access inf | EPSS 1.7%
CVE-2018-2459 | — | Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by defa | EPSS 1.7%
CVE-2018-2458 | — | Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access informat | EPSS 1.7%
CVE-2018-2469 | — | Under certain conditions SAP Adaptive Server Enterprise (ASE), versions 15.7 and 16.0, allows an attacker to access information which would | EPSS 1.7%
CVE-2018-2471 | — | Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information which wou | EPSS 1.7%
CVE-2018-2450 | — | SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and the | EPSS 1.7%
CVE-2021-41251 | MEDIUM | Possibility to elevate privileges or get unauthorized access to data | EPSS 1.7%