CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27670
https://notcve.org/view.php?id=CVE-2022-27670
12 Apr 2022 — SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers. SAP SQL Anywhere - versión 17.0, permite que un atacante autenticado impida que los usuarios legítimos accedan a un servidor de base de datos SQL Anywhere al bloquear el servidor con algunas consultas que usan identificadores indirectos • https://launchpad.support.sap.com/#/notes/3148094 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22541
https://notcve.org/view.php?id=CVE-2022-22541
12 Apr 2022 — SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access. SAP BusinessObjects Business Intelligence Platform - versiones 420, 430, puede permitir a usuarios legítimos acceder a información que no deberían ver mediante conexiones relacionales u OLAP. El principal impacto es la divulgac... • https://launchpad.support.sap.com/#/notes/3137191 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27655 – SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-27655
12 Apr 2022 — When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre un 3D universal manipulado (.u3d, 3difr.x3d) recibido de fuentes no confiables en SAP 3D Visual Enterprise Viewer - versión 9.0, la aplicación es bloqueada y deja de estar disponible temporalmente para el usuario hasta que sea reiniciada ... • https://launchpad.support.sap.com/#/notes/3143437 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26106 – SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26106
12 Apr 2022 — When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre un metafichero de infografía manipulado (.cgm, CgmCore.dll) recibido de fuentes no confiables en SAP 3D Visual Enterprise Viewer - versión 9.0, la aplicación es bloqueada y deja de estar disponible temporalmente para el us... • https://launchpad.support.sap.com/#/notes/3143437 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26108 – SAP 3D Visual Enterprise Viewer PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26108
12 Apr 2022 — When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre un Picture Exchange (.pcx, 2d.x3d) manipulado recibido de fuentes no confiables en SAP 3D Visual Enterprise Viewer - versión 9.0, la aplicación es bloqueada y deja de estar disponible temporalmente para el usuario hasta que sea reiniciad... • https://launchpad.support.sap.com/#/notes/3143437 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-26105
https://notcve.org/view.php?id=CVE-2022-26105
12 Apr 2022 — SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, es susceptible de sufrir un ataque de... • https://launchpad.support.sap.com/#/notes/3163583 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26109 – SAP 3D Visual Enterprise Viewer PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26109
12 Apr 2022 — When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre un formato de documento portátil manipulado (.pdf, PDFView.x3d) recibido de fuentes no confiables en SAP 3D Visual Enterprise Viewer - versión 9.0, la aplicación es bloqueada y deja de estar disponible temporalmente para el ... • https://launchpad.support.sap.com/#/notes/3143437 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27667
https://notcve.org/view.php?id=CVE-2022-27667
12 Apr 2022 — Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. Bajo determinadas condiciones, la plataforma SAP BusinessObjects Business Intelligence, Client Management Console (CMC) - versión 430, permite a un atacante acceder a información que de otra manera estaría restringida, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/3145769 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26107 – SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26107
12 Apr 2022 — When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. Cuando un usuario abre una teselación de Júpiter manipulada (.jt, JTReader.x3d) recibida de fuentes no confiables en SAP 3D Visual Enterprise Viewer - versión 9.0, la aplicación es bloqueada y deja de estar disponible temporalmente para el usuario hast... • https://launchpad.support.sap.com/#/notes/3143437 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2022-1248 – SAP Information System POST Request add_admin.php improper authentication
https://notcve.org/view.php?id=CVE-2022-1248
06 Apr 2022 — A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed. Se ha encontrado una vulnerabilidad en SAP Information System versión 1.0, que ha sido calificada como crítica. • https://packetstorm.news/files/id/166609 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •