Security Advisories  

Description
Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager

Description
[CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy)

Description
[CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel

Description
Information Disclosure vulnerability in SAP Commerce (Backoffice)

Description
[CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

Description
[CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console)

Description
[CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA

Description
Denial of service (DOS) in SAP Commerce

Description
[CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy

Description
[CVE-2023-30743] Improper Neutralization of Input in SAPUI5

Description
[CVE-2023-1903] Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)

Description
[CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector)

Description
[CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)

Description
[CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service

Description
[CVE-2023-29185] Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)

Description
[CVE-2023-29189] HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-27897] Code Injection vulnerability in SAP CRM

Description
[CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management )

Description
[CVE-2023-27499] Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML

Description
[CVE-2023-29108] IP filter vulnerability in ABAP Platform and SAP Web Dispatcher

Description
[CVE-2023-29112] Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)

Description
[CVE-2023-26458] Information Disclosure vulnerability in SAP Landscape Management

Description
Remote Code Execution vulnerability in SAP Commerce

Description
[CVE-2023-29186] Directory Traversal vulnerability in SAP NetWeaver ( BI CONT ADD ON)

Description
[CVE-2023-29109] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-29110] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-29187] DLL Hijacking vulnerability in SapSetup (Software Installation Program)

Description
[CVE-2023-28761] Missing Authentication check in SAP NetWeaver Enterprise Portal

Description
[CVE-2023-28763] - Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)

Description
[CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform

Description
[CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

Description
[CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service)

Description
[CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

Description
[Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java

Description
[CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)

Description
[CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)

Description
[CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server

Description
[CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal)

Description
[CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL

Description
[CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android

Description
[CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

Description
[CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data

Description
[CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager

Description
[CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)

Description
[CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)

Description
[CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)

Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)

Description
[CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2

Description
[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation

Description
[CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface

Description
[CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)

Description
[CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)

Description
[CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
[CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)

Description
[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS

Description
[CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)

Description
[CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java

Description
[CVE-2022-41275] Offener Redirect in SAP Solutions Manager (Enterprise Search)

Description
[CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Description
[CVE-2022-41264] Code Injection vulnerability in SAP BASIS

Description
[CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)

Description
Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)

Description
[CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)

Description
[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)

Description
Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce

Description
[CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)

Description
[CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management

Description
[CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management

Description
[CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence)

Description
[CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct

Description
[CVE-2022-41214] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
Insufficient Session Expiration in Central Fiori Launchpad

Description
[CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2021-20223] Multiple Vulnerabilities in SQlite bundled with SAPUI5

Description
[CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere

Description
[CVE-2022-41205] Code injection vulnerability in SAP GUI for Windows

Description
[CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

Description
[CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad)

Description
[CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects)

Description
[CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP

Description
[CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform(AdminTools/ Query Builder)

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author

Description
[CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Description
[CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Description
Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Description
Information Disclosure vulnerability in Master Data Governance

Description
[CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now

Description
[CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Description
[CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution

Description
Missing authorization check in SAP Automotive Solutions

Description
[CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)

Description
[CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ

Description
[CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix

Description
[CVE-2022-35298] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC)

Description
[CVE-2022-35294] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Description
[CVE-2022-39799] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Description
[CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One

Description
[CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN

Description
Update 1 to Security Note 3165333 - [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
Information Disclosure vulnerability in SAP CRM WebClient

Description
[CVE-2022-39801] Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management

Description
[CVE-2022-35290] Information Disclosure in SAP Authenticator for Android

Description
Information Disclosure in SAP Landscape Management

Description
[CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB)

Description
[CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)

Description
[CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB)

Description
Missing Authorization check in Portugal Digital Signature

Description
[CVE-2022-35293] Missing authorization check in SAP Enable Now Manager

Description
Information Disclosure vulnerability in SAP Business Client

Description
[CVE-2022-35170] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-35172] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-35225] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
[CVE-2022-28771] Missing Authentication check in SAP Business One (License service API)

Description
[CVE-2022-35224] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Portal

Description
[CVE-2022-35171] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-32247] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-31597] Missing Authorization check in SAP S/4HANA(business partner extension for Spain/Slovakia)

Description
[CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects

Description
[CVE-2022-32249] Information Disclosure vulnerability in SAP Business One

Description
[CVE-2022-31593] Code Injection vulnerability in SAP Business One

Description
Information Disclosure vulnerability in ABAP Platform

Description
[CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application)

Description
[CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM)

Description
[CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service)

Description
[CVE-2022-35168] Denial of Service vulnerability in SAP Business One