Security Advisories  

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author

Description
[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution

Description
[CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform(AdminTools/ Query Builder)

Description
[CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Description
[CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)

Description
[CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Description
[CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ

Description
Missing authorization check in SAP Automotive Solutions

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console

Description
[CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now

Description
[CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP

Description
Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Description
Information Disclosure vulnerability in Master Data Governance

Description
[CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Description
[CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects)

Description
Information Disclosure vulnerability in SAP CRM WebClient

Description
[CVE-2022-35298] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC)

Description
[CVE-2022-39801] Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management

Description
[CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One

Description
Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN

Description
[CVE-2022-39799] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Description
[CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
Update 1 to Security Note 3165333 - [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix

Description
[CVE-2022-35294] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Description
[CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB)

Description
[CVE-2022-35290] Information Disclosure in SAP Authenticator for Android

Description
[CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)

Description
Missing Authorization check in Portugal Digital Signature

Description
[CVE-2022-35293] Missing authorization check in SAP Enable Now Manager

Description
Information Disclosure in SAP Landscape Management

Description
Information Disclosure vulnerability in SAP Business Client

Description
[CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB)

Description
[CVE-2022-35171] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2022-35225] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-35172] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-31592] Missing Authorization check in EA-DFPS

Description
Missing Authorization Check in multiple components under SAP Automotive Solutions

Description
[CVE-2022-35227] Cross-Site Scripting (XSS) vulnerability in SAP NW EP WPC

Description
[CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x

Description
[CVE-2022-32248] Missing Input Validation in Manage Checkbooks component of SAP S/4HANA

Description
[CVE-2022-35168] Denial of Service vulnerability in SAP Business One

Description
[CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service)

Description
[CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM)

Description
[CVE-2022-35170] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application)

Description
Information Disclosure vulnerability in ABAP Platform

Description
[CVE-2022-31593] Code Injection vulnerability in SAP Business One

Description
[CVE-2022-32249] Information Disclosure vulnerability in SAP Business One

Description
[CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects

Description
[CVE-2022-31597] Missing Authorization check in SAP S/4HANA(business partner extension for Spain/Slovakia)

Description
[CVE-2022-32247] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-35224] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Portal

Description
[CVE-2022-28771] Missing Authentication check in SAP Business One (License service API)

Description
[CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
[CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program.

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
Improper Access Control check in SAP NetWeaver basicadmin and adminadapter services

Description
[CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7

Description
Cross-Site Scripting (XSS) vulnerability in SAP Marketing Campaigns App

Description
[CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database

Description
Unsafe use of target blank in SAP Marketing Campaigns

Description
[CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent

Description
[CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform

Description
[CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE)

Description
[CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation

Description
[CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository)

Description
[CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS)

Description
Missing Authorization check in SAP ERP HCM

Description
[CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update

Description
[CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM)

Description
[CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service(Fiori My Leave Request)

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in in SAP Business One Cloud

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end

Description
[CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end

Description
[CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Description
Missing Authorization check for UI5 flexibility key user functionality

Description
[CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform

Description
[CVE-2022-28770] Cross-Site Scripting (XSS) vulnerability in SAPUI5 (vbm library)

Description
[CVE-2022-27671] CSRF token visible in one of the URL in SAP Business Intelligence Platform.

Description
[CVE-2022-28217] Missing XML Validation vulnerability in SAP NW EP WPC

Description
[CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje - SOAP Web services)

Description
[CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform

Description
[CVE-2022-26105] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-27670] Denial of service (DOS) in SQL Anywhere

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services

Description
[CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace)

Description
[CVE-2021-44832] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)

Description
[CVE-2022-28772]Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager)

Description
Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2022-27667] Information Disclosure vulnerability in CMC

Description
[CVE-2022-28773] Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager)

Description
Multiple Vulnerabilities in URI.js bundled with SAPUI5

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Profitability Analytics

Description
Enable CSP support for OP1909 in SAP CRM WebClient UI

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Checkout

Description
[CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework

Description
Update 1 to Security Note 3022622 - [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence

Description
[CVE-2022-27658] Missing authorization check in SAP Innovation Management

Description
Privilege escalation vulnerability in Apache Tomcat server component of SAP Commerce

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in PowerDesigner Web (up to including 16.7 SP05 PL01)

Description
[CVE-2022-27669] Missing Authentication check in XML Data Archiving Service

Description
[CVE-2022-27657] Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Commerce

Description
[CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
Missing authorization check in S/4HANA finance for advanced payment management

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager

Description
[CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP

Description
[CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform

Description
[CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Description
Directory traversal in Web Container

Description
[CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

Description
[CVE-2022-26100] Denial of service (DOS) in SAPCAR

Description
[CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

Description
[CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

Description
[CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver(Real Time Messaging Framework)

Description
[CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation

Description
[CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-22534] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

Description
[CVE-2022-22528] Information Disclosure in SAP Adaptive Server Enterprise

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools

Description
Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP

Description
[CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher

Description
Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise)

Description
Switchable Authorization checks for RFC BCA_DIM_RESET_TRIGGER_TABLE in Loans (FI-CAX-FS)

Description
[CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java

Description
[CVE-2022-22540] SQL Injection vulnerability in SAP NetWeaver AS ABAP (Workplace Server)

Description
[CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)

Description
[CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)

Description
[CVE-2022-22535] Missing Authorization check in SAP ERP HCM

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Commerce

Description
[CVE-2022-22545] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2022-22546] XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad)

Description
Update 2 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)

Description
[CVE-2021-42066] Information Disclosure vulnerability in SAP Business One

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services Cloud Edition

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Localization Hub, digital compliance service for India

Description
[CVE-2021-42067] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2022-22531] Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j2 component used in SAP Enterprise Continuous Testing by Tricentis

Description
[CVE-2022-22529] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Business One

Description
[CVE-2021-44228] Denial of Service vulnerability associated with Apache Log4j component used in XSA Cockpit

Description
[CVE-2021-44234] Information Disclosure vulnerability in SAP Business One

Description
Update 3 to Security Note 3130521: [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Java Web Service Adapter of SAP NetWeaver Process Integration

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure

Description
[CVE-2021-44235] Code Injection vulnerability in utility class for SAP NetWeaver AS ABAP

Description
[CVE-2021-42064] SQL Injection vulnerability in SAP Commerce

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP API Management (Tenant Cloning Tool)

Description
[CVE-2021-42063] Cross-Site Scripting (XSS) vulnerability in SAP Knowledge Warehouse

Description
[CVE-2021-44228] Code Injection vulnerability in Cloud for Customer Lotus Notes PlugIn

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Kyma

Description
Update 1 to Security Note 3131397 [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit

Description
[CVE-2019-17571] Code Injection vulnerability in SAP Landscape Management