Vulnerabilities in SAP SE

778 results
Vexday analysis

With 778 CVEs catalogued, SAP SE's portfolio shows a rate of active exploitation 1.7 times the overall average of the CISA KEV catalogue, indicating that vulnerabilities in this platform attract a proportionate degree of attention from threat actors. The most recurrent flaw type is CWE-119 (memory-handling errors), a vector historically associated with high-impact code execution. The most critical CVE under active exploitation, CVE-2020-6287 (given here as CVE-2020-6207), records an EPSS of 0.9838, signalling a very high probability of exploitation observed in practice and justifying immediate prioritisation of remediation. In addition, 18 vulnerabilities have a public PoC and 46 are of critical severity, widening the risk surface for organisations that have not yet applied the corresponding patches.

CVE ID | Severity | Description | EPSS
CVE-2020-26831 | CRITICAL | SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crys… | 1.1%
CVE-2021-38181 | (not listed) | SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to pr… | 1.1%
CVE-2020-6230 | CRITICAL | SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the… | 1.1%
CVE-2021-38182 | (not listed) | Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can comple… | 1.1%
CVE-2020-6202 | MEDIUM | SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently va… | 1.1%
CVE-2021-33672 | CRITICAL | Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in cha… | 1.1%
CVE-2021-33698 | CRITICAL | SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the pr… | 1.1%
CVE-2020-6366 | HIGH | SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with a… | 1.1%
CVE-2019-0341 | (not listed) | The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an attacker runs script code in the context… | 1.1%
CVE-2022-35299 | (not listed) | SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a me… | 1.1%
CVE-2018-2398 | MEDIUM | Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. | 1.0%
CVE-2020-6247 | MEDIUM | SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from access… | 1.0%
CVE-2018-2394 | (not listed) | Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS… | 1.0%
CVE-2022-22538 | (not listed) | When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise View… | 1.0%
CVE-2021-40495 | (not listed) | There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751… | 1.0%
CVE-2020-6362 | MEDIUM | SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected… | 1.0%
CVE-2022-22539 | (not listed) | When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version… | 1.0%
CVE-2022-29618 | (not listed) | Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, a… | 1.0%
CVE-2021-21464 | MEDIUM | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in cr… | 1.0%
CVE-2021-42069 | (not listed) | When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - vers… | 1.0%