
CVSS: 7.5 • EPSS: 1% • CPEs: 15 • EXPL: 0

12 Apr 2022 — Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. • https://launchpad.support.sap.com/#/notes/3111293 • CWE-674: Uncontrolled Recursion

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Apr 2022 — A highly privileged remote attacker can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0. • https://packetstorm.news/files/id/167563 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

12 Apr 2022 — Due to insufficient input validation, SAPUI5 library (vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application. • https://launchpad.support.sap.com/#/notes/3126557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 2% • CPEs: 1 • EXPL: 0

12 Apr 2022 — SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data. • https://launchpad.support.sap.com/#/notes/3150845 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 • EPSS: 14% • CPEs: 2 • EXPL: 3

12 Apr 2022 — When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS. • https://packetstorm.news/files/id/167046 • CWE-112: Missing XML Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Apr 2022 — When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. • https://launchpad.support.sap.com/#/notes/3143437 • CWE-20: Improper Input Validation

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Apr 2022 — SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access. • https://launchpad.support.sap.com/#/notes/3137191 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Apr 2022 — SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers. • https://launchpad.support.sap.com/#/notes/3148094 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Apr 2022 — When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. • https://launchpad.support.sap.com/#/notes/3143437 • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Apr 2022 — When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. • https://launchpad.support.sap.com/#/notes/3143437 • CWE-20: Improper Input Validation