
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Jan 2022 — SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. • https://launchpad.support.sap.com/#/notes/3106528 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 8.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

14 Jan 2022 — The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application. • https://launchpad.support.sap.com/#/notes/3112928

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Dec 2021 — SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow. • https://launchpad.support.sap.com/#/notes/3103677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Dec 2021 — When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. • https://launchpad.support.sap.com/#/notes/3121165 • CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Dec 2021 — When a user opens a manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. • https://launchpad.support.sap.com/#/notes/3121165 • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Dec 2021 — If configured to use an Oracle database and if a query is created using the flexible search Java API with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if the parameterized "in" clause accepts more than 1000 values. • https://launchpad.support.sap.com/#/notes/3114134 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Dec 2021 — When a user opens a manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. • https://launchpad.support.sap.com/#/notes/3121165 • CWE-787: Out-of-bounds Write

CVSS: 6.1 • EPSS: 7% • CPEs: 4 • EXPL: 2

14 Dec 2021 — A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclosure of sensitive data. • https://packetstorm.news/files/id/166369 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Dec 2021 — SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover the vulnerable function, in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application. • https://launchpad.support.sap.com/#/notes/3101299 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 7.7 • EPSS: 0% • CPEs: 14 • EXPL: 0

14 Dec 2021 — SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by a normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server. • https://launchpad.support.sap.com/#/notes/3124094 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')