NotCVE - vendor:"Sap"

Page 33 of 1555 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-41211 – SAP 3D Visual Enterprise Viewer DST File Parsing Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2022-41211

08 Nov 2022 — Due to lack of proper memory management, when a victim opens manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when payload forces:Re-use of dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely.Stack-based buffer overflow. Since the memory overwritten is random, based on access rig... • https://launchpad.support.sap.com/#/notes/3263436 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-41259

https://notcve.org/view.php?id=CVE-2022-41259

08 Nov 2022 — SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. SAP SQL Anywhere versión 17.0, permite a un atacante autenticado evitar que usuarios legítimos accedan a un servidor de base de datos SQL Anywhere bloqueando el servidor con algunas consultas que utilizan un constructor ARRAY. • https://launchpad.support.sap.com/#/notes/3229987 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-41205

https://notcve.org/view.php?id=CVE-2022-41205

08 Nov 2022 — SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. SAP GUI permite a un atacante autenticado ejecutar scripts en la red local. Si la explotación tiene éxito, el atacante puede obtener acceso a los registros, lo que puede causar un impacto limitado en la confidencialidad y un alto impacto en la disponibili... • https://launchpad.support.sap.com/#/notes/3237251 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-41208

https://notcve.org/view.php?id=CVE-2022-41208

08 Nov 2022 — Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. Debido a una validación de entrada insuficiente, SAP Financial Consolidation, versión 1010, permite que un atacante autenticado con privilegios de usuario altere la sesión del usuario actual. Si... • https://launchpad.support.sap.com/#/notes/3260708 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2022-41212

https://notcve.org/view.php?id=CVE-2022-41212

08 Nov 2022 — Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. Debido a una validación de entrada insuficiente, SAP NetWeaver Application Server ABAP y ABAP Platform permiten a un atacante con privilegios de alto nivel utilizar una función remota habi... • https://launchpad.support.sap.com/#/notes/3256571 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •