
CVSS: 6.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

12 Jul 2022 — SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in a reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. • https://launchpad.support.sap.com/#/notes/3208819 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jul 2022 — Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. • https://launchpad.support.sap.com/#/notes/3211203 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 6.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

12 Jul 2022 — SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to a script execution attack by an unauthenticated attacker due to improper sanitization of user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. • https://launchpad.support.sap.com/#/notes/3209557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

12 Jul 2022 — Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - versions 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. • https://launchpad.support.sap.com/#/notes/3216161 • CWE-20: Improper Input Validation

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jul 2022 — SAP Business One client - version 10.0 allows an attacker with low privileges to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. • https://launchpad.support.sap.com/#/notes/3191012 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Jul 2022 — SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service. • https://launchpad.support.sap.com/#/notes/3167430 • CWE-428: Unquoted Search Path or Element

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

12 Jul 2022 — Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low-privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. • https://launchpad.support.sap.com/#/notes/3213826 • CWE-862: Missing Authorization

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jul 2022 — Due to a missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious HTTP requests over the network. On successful exploitation, an attacker can break the whole application, making it inaccessible. • https://launchpad.support.sap.com/#/notes/3157613 • CWE-306: Missing Authentication for Critical Function

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Jul 2022 — Under certain conditions, SAP BusinessObjects Business Intelligence Platform 4.x - versions 420, 430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. • https://launchpad.support.sap.com/#/notes/3169239 • CWE-863: Incorrect Authorization

CVSS: 4.3 • EPSS: 0% • CPEs: 10 • EXPL: 0

12 Jul 2022 — The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. • https://launchpad.support.sap.com/#/notes/3196280 • CWE-862: Missing Authorization