|
197191
|
6.5 |
MEDIUM
Network
|
sap
|
business_warehouse
|
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database ta…
|
CWE-862
Missing Authorization
|
CVE-2021-21468
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197192
|
4.3 |
MEDIUM
Network
|
sap
|
banking_services
|
SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display…
|
CWE-862
Missing Authorization
|
CVE-2021-21467
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197193
|
9.9 |
CRITICAL
Network
|
sap
|
business_warehouse
|
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the datab…
|
CWE-89
SQL Injection
|
CVE-2021-21465
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197194
|
4.3 |
MEDIUM
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavaila…
|
CWE-20
Improper Input Validation
|
CVE-2021-21464
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197195
|
4.4 |
MEDIUM
Local
|
sap
|
enterprise_performance_management
|
SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which…
|
CWE-611
XXE
|
CVE-2021-21470
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197196
|
7.5 |
HIGH
Network
|
sap
|
netweaver_master_data_management
|
When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in th…
|
CWE-200
Information Exposure
|
CVE-2021-21469
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197197
|
8.8 |
HIGH
Network
|
sap
|
bw\/4hana
business_warehouse
|
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module…
|
CWE-94
Code Injection
|
CVE-2021-21466
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197198
|
8.8 |
HIGH
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavaila…
|
CWE-125
Out-of-bounds Read
|
CVE-2021-21463
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197199
|
8.8 |
HIGH
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavaila…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21462
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197200
|
8.8 |
HIGH
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavaila…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-21461
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
