High
SAP
04/05/2022
This vulnerability can be used by an attacker to make a Denial of Service to SAP Netweaver Java, making HTTP server unavailable during attack execution.
High
SAP
04/05/2022
By injecting an HTTP request as a prefix into a victim’s request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as a…
High
SAP
01/26/2022
Successful attacks can lead to various types of exploitation like CSRF, html injection, data exfiltration, depending on the victim's privileges.
High
SAP
01/26/2022
Impact depends on the victim's privileges. In the worst case, a successful attack allows an attacker to hijack an administrator session and perform actions like exfiltrate data, change data or…
Critical
SAP
01/26/2022
This XSLT vulnerability allows an unprivileged authenticated attacker to execute an OS command as SAP administrator OS-level (sidadm). This results in a full compromise of the confidentiality,…
High
SAP
01/26/2022
An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash…
Medium
SAP
01/26/2022
This URL Redirection vulnerability in SAP Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This gives…
High
SAP
01/26/2022
Impact depends on the victim's privileges. In the worst case, a successful attack allows an attacker to hijack an administrator session and perform actions like exfiltrate data, change data or…
Critical
12/15/2021
This advisory intends to help defenders better assess which systems in the landscape need rapid attention, which workarounds are available, and where to look for additional details in case they need…
Medium
SAP
11/21/2021
An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash…
High
SAP
11/21/2021
A high-privileged SAP JAVA NetWeaver user is able to abuse an XXE vulnerability with the goal of reading files from the OS (compromising confidentiality) and/or making system processes crash (…
High
SAP
11/21/2021
An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash…