Security Advisories  

Description
[CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
[CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)

Description
[CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java

Description
[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS

Description
[CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)

Description
[CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)

Description
[CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)

Description
[CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)

Description
Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce

Description
[CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)

Description
[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence)

Description
[CVE-2022-41275] Offener Redirect in SAP Solutions Manager (Enterprise Search)

Description
[CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Description
[CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)

Description
[CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management

Description
[CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management

Description
[CVE-2022-41264] Code Injection vulnerability in SAP BASIS

Description
[CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)

Description
Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)

Description
[CVE-2022-41214] Multiple vulnerabilities in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct

Description
[CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
Insufficient Session Expiration in Central Fiori Launchpad

Description
[CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere

Description
[CVE-2021-20223] Multiple Vulnerabilities in SQlite bundled with SAPUI5

Description
[CVE-2022-41205] Code injection vulnerability in SAP GUI for Windows

Description
[CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

Description
[CVE-2022-41203] Insecure Deserialization of Untrusted Data in SAP BusinessObjects Business Intelligence Platform (Central Management Console and BI Launchpad)

Description
[CVE-2022-35296] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Author

Description
Missing authorization check in SAP Automotive Solutions

Description
Information Disclosure vulnerability in Master Data Governance

Description
[CVE-2022-35299] Buffer Overflow in SAP SQL Anywhere and SAP IQ

Description
[CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console

Description
[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution

Description
[CVE-2022-39015] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform(AdminTools/ Query Builder)

Description
[CVE-2022-41206] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform / Analysis for OLAP

Description
[CVE-2022-39800] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI LaunchPad)

Description
[Multiple CVEs] Multiple vulnerabilities in SAP 3D Visual Enterprise Viewer

Description
Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Description
[CVE-2022-41209] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Description
[CVE-2022-39013] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Program Objects)

Description
[CVE-2022-41210] Information Disclosure Vulnerability in SAP Customer Data Cloud (Gigya)

Description
[CVE-2022-35297] Stored Cross-Site Scripting (XSS) vulnerability in SAP Enable Now

Description
[CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One

Description
Update 1 to Security Note 3165333 - [CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2022-39014] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2022-35298] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC)

Description
[CVE-2022-39799] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)

Description
Information Disclosure vulnerability in SAP CRM WebClient

Description
[CVE-2022-35294] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Description
[CVE-2022-39801] Insufficient Firefighter Session Expiration in SAP GRC Access Control Emergency Access Management

Description
Missing authorization check in Consumption of CDS Views (or) OData Services in QM-QN

Description
[CVE-2022-35295] Privilege Escalation Vulnerability in SAPOSCOL on Unix

Description
Information Disclosure vulnerability in SAP Business Client

Description
Missing Authorization check in Portugal Digital Signature

Description
[CVE-2022-35293] Missing authorization check in SAP Enable Now Manager

Description
[CVE-2022-32244] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Commentary DB)

Description
[CVE-2022-31596] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Monitoring DB)

Description
[CVE-2022-32245] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Open Document)

Description
[CVE-2022-35290] Information Disclosure in SAP Authenticator for Android

Description
Information Disclosure in SAP Landscape Management

Description
[CVE-2022-31593] Code Injection vulnerability in SAP Business One

Description
[CVE-2022-28771] Missing Authentication check in SAP Business One (License service API)

Description
[CVE-2022-35227] Cross-Site Scripting (XSS) vulnerability in SAP NW EP WPC

Description
[CVE-2022-35228] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
Information Disclosure vulnerability in ABAP Platform

Description
[CVE-2022-32246] SQL Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Visual Difference Application)

Description
[CVE-2022-35169] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (LCM)

Description
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2022-31591] Privilege Escalation vulnerability in SAP BusinessObjects (BW Publisher Service)

Description
[CVE-2022-35172] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-31598] Cross-Site Scripting (XSS) vulnerability in SAP Business Objects

Description
[CVE-2022-32247] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-35170] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-35224] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Portal

Description
[CVE-2022-31592] Missing Authorization check in EA-DFPS

Description
[CVE-2022-35168] Denial of Service vulnerability in SAP Business One

Description
[CVE-2022-32249] Information Disclosure vulnerability in SAP Business One

Description
[CVE-2022-31597] Missing Authorization check in SAP S/4HANA(business partner extension for Spain/Slovakia)

Description
[CVE-2022-32248] Missing Input Validation in Manage Checkbooks component of SAP S/4HANA

Description
[CVE-2022-35171] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-35225] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
Missing Authorization Check in multiple components under SAP Automotive Solutions

Description
[CVE-2022-29619] Information Disclosure to user Administrator in SAP BusinessObjects Business Intelligence Platform 4.x

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-27668] Improper Access Control of SAProuter for SAP NetWeaver and ABAP Platform

Description
Missing Authorization check in SAP ERP HCM

Description
Improper Access Control check in SAP NetWeaver basicadmin and adminadapter services

Description
[CVE-2022-31590] Potential privilege escalation in SAP PowerDesigner Proxy 16.7

Description
Cross-Site Scripting (XSS) vulnerability in SAP Marketing Campaigns App

Description
[CVE-2022-29614] Privilege Escalation in SAP startservice of SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database

Description
Unsafe use of target blank in SAP Marketing Campaigns

Description
[CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent

Description
[CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation

Description
[CVE-2022-29618] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Development Infrastructure (Design Time Repository)

Description
[CVE-2022-29615] Multiple vulnerabilities associated with Apache log4j 1.x component in SAP NetWeaver Developer Studio (NWDS)

Description
[CVE-2022-31589] Segregation of Duty vulnerability in IL FI-AP File from SHAAM program.

Description
[CVE-2022-31594] Privilege escalation vulnerability in SAP Adaptive Server Enterprise (ASE)

Description
[CVE-2022-29610] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP

Description
[CVE-2022-28214] Central Management Server Information Disclosure in Business Intelligence Update

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments front-end

Description
[CVE-2022-28774] Information Disclosure vulnerability in SAP Host Agent logfile

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in in SAP Business One Cloud

Description
[CVE-2022-29616] Memory Corruption vulnerability in SAP Host Agent, SAP NetWeaver and ABAP Platform

Description
Cross-Site Request Forgery (CSRF) vulnerability in F0673 Approve Bank Payments back-end

Description
Missing Authorization check for UI5 flexibility key user functionality

Description
[CVE-2022-27656] Cross-Site Scripting (XSS) vulnerability in administration UI of SAP Webdispatcher and SAP Netweaver AS for ABAP and Java (ICM)

Description
[CVE-2022-29611] Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2022-29613] Information Disclosure vulnerability in SAP Employee Self Service(Fiori My Leave Request)

Description
[CVE-2022-28215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2022-26105] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2022-27670] Denial of service (DOS) in SQL Anywhere

Description
[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP HANA Extended Application Services

Description
[CVE-2022-28216] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Workspace)

Description
[CVE-2021-44832] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)

Description
[CVE-2022-28772]Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager)

Description
Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2022-27667] Information Disclosure vulnerability in CMC

Description
[CVE-2022-28773] Denial of service (DOS) in SAP Web Dispatcher and SAP Netweaver (Internet Communication Manager)

Description
Multiple Vulnerabilities in URI.js bundled with SAPUI5

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Profitability Analytics

Description
Enable CSP support for OP1909 in SAP CRM WebClient UI

Description
[CVE-2022-28770] Cross-Site Scripting (XSS) vulnerability in SAPUI5 (vbm library)

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Checkout

Description
[CVE-2022-22965] Central Security Note for Remote Code Execution vulnerability associated with Spring Framework

Description
Update 1 to Security Note 3022622 - [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence

Description
[CVE-2022-27658] Missing authorization check in SAP Innovation Management

Description
Privilege escalation vulnerability in Apache Tomcat server component of SAP Commerce

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in PowerDesigner Web (up to including 16.7 SP05 PL01)

Description
[CVE-2022-27669] Missing Authentication check in XML Data Archiving Service

Description
[CVE-2022-27657] Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Description
[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Commerce

Description
[CVE-2022-27671] CSRF token visible in one of the URL in SAP Business Intelligence Platform.

Description
[CVE-2022-28217] Missing XML Validation vulnerability in SAP NW EP WPC

Description
[CVE-2022-28213] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (dswsbobje - SOAP Web services)

Description
[CVE-2022-22541] Information Disclosure vulnerability in SAP BusinessObjects Platform

Description
[CVE-2022-24397] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
Directory traversal in Web Container

Description
[CVE-2022-24395] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Work Manager

Description
[CVE-2022-24399] Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

Description
[CVE-2022-26103] Information Disclosure vulnerability in SAP NetWeaver(Real Time Messaging Framework)

Description
[CVE-2022-24398] Information Disclosure vulnerability in SAP Business Objects Business Intelligence Platform

Description
[CVE-2022-22547] Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Description
[CVE-2022-26101] Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

Description
[CVE-2022-26102] Missing authorization check in SAP NetWeaver Application Server for ABAP

Description
[CVE-2022-26100] Denial of service (DOS) in SAPCAR

Description
[CVE-2022-24396] Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

Description
Missing authorization check in S/4HANA finance for advanced payment management

Description
[CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation

Description
[CVE-2022-22536] Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher

Description
[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management

Description
[CVE-2022-22542] Information Disclosure vulnerability in SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer)

Description
[CVE-2022-22543] Denial of service (DOS) in SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)

Description
[CVE-2022-22544] Missing segregation of duties in SAP Solution Manager Diagnostics Root Cause Analysis Tools

Description
[CVE-2022-22532] HTTP Request Smuggling in SAP NetWeaver Application Server Java