CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39800
https://notcve.org/view.php?id=CVE-2022-39800
11 Oct 2022 — SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. SAP BusinessObjects BI LaunchPad - versiones 420, 430, es susceptible de sufrir un ataque de ejecución de scripts por parte de un atacante no autenticado ... • https://launchpad.support.sap.com/#/notes/3211161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-39802 – SAP Manufacturing Execution Core 15.3 Path Traversal
https://notcve.org/view.php?id=CVE-2022-39802
11 Oct 2022 — SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an attacker to exploit insufficient validation of a file path request parameter. The intended file path can be manipulated to allow arbitrary traversal of directories on the remote server. The file content within each directory can be read which may lead to information disclosure. SAP Manufacturing Execution - versiones 15.1, 15.2, 15.3, permite a un atacante explotar una comprobación insuficiente de un parámetro de petición de ruta de archivo.... • https://github.com/redrays-io/CVE-2022-39802 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41200 – SAP 3D Visual Enterprise Viewer SVG File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41200
11 Oct 2022 — Due to lack of proper memory management, when a victim opens a manipulated Scalable Vector Graphic (.svg, svg.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo Scalable Vector Graphic manipulado... • https://launchpad.support.sap.com/#/notes/3245928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41180 – SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41180
11 Oct 2022 — Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado Portable Doc... • https://launchpad.support.sap.com/#/notes/3245929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41181 – SAP 3D Visual Enterprise Author PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-41181
11 Oct 2022 — Due to lack of proper memory management, when a victim opens manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado Portable Document Format (.pdf, PDFPublishing.dll) recibido de fuente... • https://launchpad.support.sap.com/#/notes/3245929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41193 – SAP 3D Visual Enterprise Viewer EPS File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-41193
11 Oct 2022 — Due to lack of proper memory management, when a victim opens a manipulated Encapsulated Post Script (.eps, ai.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado Encapsulated Post Scrip... • https://launchpad.support.sap.com/#/notes/3245928 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41182 – SAP 3D Visual Enterprise Author X_B File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-41182
11 Oct 2022 — Due to lack of proper memory management, when a victim opens manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. Debido a una falta de administración apropiada de la memoria, cuando una víctima abre un archivo manipulado Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) reci... • https://launchpad.support.sap.com/#/notes/3245929 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35297
https://notcve.org/view.php?id=CVE-2022-35297
11 Oct 2022 — The application SAP Enable Now does not sufficiently encode user-controlled inputs over the network before it is placed in the output being served to other users, thereby expanding the attack scope, resulting in Stored Cross-Site Scripting (XSS) vulnerability leading to limited impact on Confidentiality, Integrity and Availability. La aplicación SAP Enable Now no codifica suficientemente las entradas controladas por el usuario a través de la red antes de colocarlas en la salida que sirve a otros usuarios, a... • https://launchpad.support.sap.com/#/notes/3049899 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35296
https://notcve.org/view.php?id=CVE-2022-35296
11 Oct 2022 — Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform (Version Management System) exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on Confidentiality. Bajo determinadas condiciones, la aplicación SAP BusinessObjects Business Intelligence Platform (Version Management System) expone información confidencial a un actor a través de la red con altos ... • https://launchpad.support.sap.com/#/notes/3233226 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41209
https://notcve.org/view.php?id=CVE-2022-41209
11 Oct 2022 — SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks. SAP Customer Data Cloud (Gigya mobile app for Android) - versión 7.4, usa un método de encriptación que carece de una difusión apropiada y no oculta bien los patrones. Esto puede conllevar a una divulgación de información. • https://launchpad.support.sap.com/#/notes/3248970 • CWE-326: Inadequate Encryption Strength •