• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-22543
2022-10-25
N/A
7.5 HIGH
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
CVE-2022-22542
2022-10-26
N/A
6.5 MEDIUM
S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.
CVE-2022-22541
2022-04-20
N/A
6.5 MEDIUM
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access.
CVE-2022-22540
2022-10-05
N/A
7.5 HIGH
SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible.
CVE-2022-2254
2022-07-13
N/A
4.8 MEDIUM
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users.
CVE-2022-22539
3d Visual Enterprise Viewer, Sap
3d_visual_enterprise_author, 3d_visual_enterprise_viewer, Abap_platform, Abap_platform_kernel, Access_control, Activex_viewer, Adaptive_extensions, Adaptive_server_enterprise, Adaptive_server_enterprise_backup_server, Adaptive_server_enterprise_cockpit
2022-10-26
N/A
6.5 MEDIUM
When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.
CVE-2022-22538
3d Visual Enterprise Viewer, Sap
3d_visual_enterprise_author, 3d_visual_enterprise_viewer, Abap_platform, Abap_platform_kernel, Access_control, Activex_viewer, Adaptive_extensions, Adaptive_server_enterprise, Adaptive_server_enterprise_backup_server, Adaptive_server_enterprise_cockpit
2022-10-26
N/A
6.5 MEDIUM
When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.
CVE-2022-22537
3d Visual Enterprise Viewer, Sap
3d_visual_enterprise_author, 3d_visual_enterprise_viewer, Abap_platform, Abap_platform_kernel, Access_control, Activex_viewer, Adaptive_extensions, Adaptive_server_enterprise, Adaptive_server_enterprise_backup_server, Adaptive_server_enterprise_cockpit
2022-10-26
N/A
6.5 MEDIUM
When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.
CVE-2022-22536
2023-01-09
N/A
10 CRITICAL
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
CVE-2022-22535
2022-10-27
N/A
6.5 MEDIUM
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
« Previous 1 … 10,664 10,665 10,666 10,667 10,668 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE