Vulnerabilidades em SAP SE

778 resultados
Análise Vexday

Com 778 CVEs catalogadas, o portfólio da SAP SE apresenta uma taxa de exploração ativa 1,7 vez acima da média geral do catálogo CISA KEV, indicando que vulnerabilidades nessa plataforma atraem atenção proporcional de agentes de ameaça. O tipo de falha mais recorrente é CWE-119 (erros de manipulação de memória), um vetor historicamente associado a impacto elevado de execução de código. A CVE mais crítica em exploração ativa, CVE-2020-6287, — neste caso CVE-2020-6207 — registra EPSS de 0,9838, sinalizando probabilidade muito alta de exploração observada na prática e justificando priorização imediata de remediação. Além disso, 18 vulnerabilidades possuem PoC pública e 46 são de severidade crítica, ampliando a superfície de risco para organizações que ainda não aplicaram os patches correspondentes.

CVE-2022-26107When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer -EPSS 0.9%CVE-2020-6280LOWSAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files whicEPSS 0.9%CVE-2021-21485HIGHAn unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java thEPSS 0.9%CVE-2020-6310MEDIUMImproper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740EPSS 0.9%CVE-2018-2375In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve applEPSS 0.9%CVE-2022-22530The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloadEPSS 0.9%CVE-2018-2376In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve applEPSS 0.9%CVE-2022-27669An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to whicEPSS 0.9%CVE-2020-6293HIGHSAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and aEPSS 0.9%CVE-2020-26819MEDIUMSAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web DynprEPSS 0.9%CVE-2018-2384Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet EPSS 0.9%CVE-2018-2385Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet GrapEPSS 0.9%CVE-2018-2396Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT,EPSS 0.9%CVE-2022-41203CRITICALIn some workflow of SAP BusinessObjects BI Platform (Central Management Console and BI LaunchPad), an authenticated attacker with low privilEPSS 0.9%CVE-2021-40496SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attackEPSS 0.9%CVE-2021-33676MEDIUMA missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to comEPSS 0.9%CVE-2018-2379In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messagesEPSS 0.9%CVE-2020-6218MEDIUMAdmin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access informEPSS 0.9%CVE-2019-0306SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SEPSS 0.9%CVE-2020-26814MEDIUMSAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditiEPSS 0.9%