Vulnerabilities in SAP SE
778 results

CVE-2020-26829 | CRITICAL | EPSS 4.7%
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processe

CVE-2020-26820 | CRITICAL | EPSS 3.9%
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the admin

CVE-2021-21465 | CRITICAL | EPSS 3.7%
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An

CVE-2019-0261 | — | EPSS 3.6%
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks pro

CVE-2020-6234 | HIGH | EPSS 3.6%
SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the under

CVE-2019-0328 | — | EPSS 3.4%
ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the executio

CVE-2021-33670 | HIGH | EPSS 3.2%
SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send

CVE-2021-38177 | HIGH | EPSS 3.1%
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends c

CVE-2021-21466 | CRITICAL | EPSS 3.1%
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged att

CVE-2021-37531 | CRITICAL | EPSS 3.1%
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a no

CVE-2020-26808 | CRITICAL | EPSS 3.0%
SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS)

CVE-2019-0246 | — | EPSS 2.7%
SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.

CVE-2020-6369 | HIGH | EPSS 2.6%
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attacke

CVE-2018-2368 | — | EPSS 2.6%
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionaliti

CVE-2021-38162 | HIGH | EPSS 2.6%
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7

CVE-2019-0322 | — | EPSS 2.6%
SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, 6.7, 1808, 1811), allows an attacker to

CVE-2018-2421 | MEDIUM | EPSS 2.6%
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessi

CVE-2018-2423 | MEDIUM | EPSS 2.6%
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users fr

CVE-2021-33678 | MEDIUM | EPSS 2.5%
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A

CVE-2019-0319 | — | EPSS 2.5%
The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is displayed in the form of an error message.