
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2022 — Due to lack of proper memory management, when a victim opens a manipulated CATIA5 Part (.catpart, CatiaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until the application is restarted. • https://launchpad.support.sap.com/#/notes/3245929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2022 — Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that Remote Code Execution can be triggered when the payload forces a stack-based overflow or re-use of a dangling pointer that refers to overwritten space in memory. • https://launchpad.support.sap.com/#/notes/3245929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2022 — Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until the application is restarted. • https://launchpad.support.sap.com/#/notes/3245929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2022 — SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses an insecure random number generator program, which makes it easy for an attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. • https://launchpad.support.sap.com/#/notes/3248384 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2022 — Due to lack of proper memory management, when a victim opens a manipulated Iges Part and Assembly (.igs, .iges, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the user until the application is restarted. • https://launchpad.support.sap.com/#/notes/3245929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2022 — Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dxf, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that Remote Code Execution can be triggered when the payload forces a stack-based overflow or re-use of a dangling pointer that refers to overwritten space in memory. • https://launchpad.support.sap.com/#/notes/3245929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

11 Oct 2022 — An attacker can change the content of an SAP Commerce (versions 1905, 2005, 2105, 2011, 2205) login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system. • https://launchpad.support.sap.com/#/notes/3239152 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Oct 2022 — SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application. • https://launchpad.support.sap.com/#/notes/3229425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Oct 2022 — Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that Remote Code Execution can be triggered when the payload forces a stack-based overflow or re-use of a dangling pointer that refers to overwritten space in memory. • https://launchpad.support.sap.com/#/notes/3245929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Oct 2022 — SAP Data Services Management allows an attacker to have data from a request copied and echoed into the application's immediate response, which leads to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such an attack; only a few of the pages in the DS management console are vulnerable. • https://launchpad.support.sap.com/#/notes/3167342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')