Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-22537

Summary
Assigner-sap
Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd
Published At-09 Feb, 2022 | 22:05
Updated At-03 Aug, 2024 | 03:14
Rejected At-
Credits

When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:sap
Assigner Org ID:e4686d1a-f260-4930-ac4c-2f5c992778dd
Published At:09 Feb, 2022 | 22:05
Updated At:03 Aug, 2024 | 03:14
Rejected At:
▼CVE Numbering Authority (CNA)

When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

Affected Products
Vendor
SAP SESAP SE
Product
SAP 3D Visual Enterprise Viewer
Versions
Affected
  • 9.0
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20
Type: CWE
CWE ID: CWE-20
Description: CWE-20
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://launchpad.support.sap.com/#/notes/3134684
x_refsource_MISC
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
x_refsource_MISC
Hyperlink: https://launchpad.support.sap.com/#/notes/3134684
Resource:
x_refsource_MISC
Hyperlink: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://launchpad.support.sap.com/#/notes/3134684
x_refsource_MISC
x_transferred
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
x_refsource_MISC
x_transferred
Hyperlink: https://launchpad.support.sap.com/#/notes/3134684
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@sap.com
Published At:09 Feb, 2022 | 23:15
Updated At:24 Jul, 2023 | 13:50

When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
SAP SE
sap
>>3d_visual_enterprise_viewer>>9
cpe:2.3:a:sap:3d_visual_enterprise_viewer:9:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-20Secondarycna@sap.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: cna@sap.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://launchpad.support.sap.com/#/notes/3134684cna@sap.com
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlcna@sap.com
Vendor Advisory
Hyperlink: https://launchpad.support.sap.com/#/notes/3134684
Source: cna@sap.com
Resource:
Permissions Required
Vendor Advisory
Hyperlink: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Source: cna@sap.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

692Records found
CVE-2021-27624
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-5.9||MEDIUM
EPSS-0.51% / 65.25%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CiXMLIStreamRawBuffer::readRaw () which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_internet_graphics_serverSAP Internet Graphics Service
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27596
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.17%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 16:58
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CVE-2021-27620
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-5.9||MEDIUM
EPSS-0.51% / 65.25%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method Ups::AddPart() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_internet_graphics_serverSAP Internet Graphics Service
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27594
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.77%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 16:58
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CVE-2021-27593
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 36.77%
||
7 Day CHG~0.00%
Published-22 Mar, 2021 | 16:58
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CVE-2021-21493
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 41.79%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 14:08
Updated-03 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CVE-2020-6359
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:55
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6339
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:43
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6335
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:37
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6343
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:44
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6351
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-6354
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-416
Use After Free
CVE-2020-6356
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:54
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6360
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:55
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6352
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-6327
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:50
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-6322
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:46
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-6345
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:51
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-6331
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:50
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6347
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6328
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:50
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-6340
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:45
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6353
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:54
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-416
Use After Free
CVE-2023-40310
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 60.09%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 01:35
Updated-18 Sep, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.

Action-Not Available
Vendor-SAP SE
Product-powerdesignerSAP PowerDesigner Client
CWE ID-CWE-112
Missing XML Validation
CVE-2021-42069
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-3.3||LOW
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 15:44
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33681
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 52.05%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 11:04
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27627
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-5.9||MEDIUM
EPSS-0.51% / 65.25%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_internet_graphics_serverSAP Internet Graphics Service
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27626
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-5.9||MEDIUM
EPSS-0.51% / 65.25%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CMiniXMLParser::Parse() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_internet_graphics_serverSAP Internet Graphics Service
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27622
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-5.9||MEDIUM
EPSS-0.51% / 65.25%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_internet_graphics_serverSAP Internet Graphics Service
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6321
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.69%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:47
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2020-6358
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:55
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6355
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:55
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6357
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:54
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6346
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6337
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:43
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6349
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6336
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:40
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6361
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:54
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6329
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:51
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-416
Use After Free
CVE-2020-6350
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:53
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6330
Matching Score-8
Assigner-SAP SE
ShareView Details
Matching Score-8
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:50
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-0255
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-8.1||HIGH
EPSS-0.36% / 57.46%
||
7 Day CHG~0.00%
Published-15 Feb, 2019 | 18:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The situation can be misused by any user to leverage privileges to business functionality.

Action-Not Available
Vendor-n/aSAP SE
Product-advanced_business_application_programming_platform_kerneladvanced_business_application_programming_platform_krnl64ucadvanced_business_application_programming_platform_krnl64nucn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0396
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.1||HIGH
EPSS-0.43% / 61.37%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 22:18
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows.

Action-Not Available
Vendor-SAP SE
Product-businessobjects_business_intelligence_platformSAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0271
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-0.62% / 68.95%
||
7 Day CHG~0.00%
Published-12 Mar, 2019 | 22:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.

Action-Not Available
Vendor-SAP SE
Product-sap_kerneladvanced_business_application_programming_serveradvanced_business_application_programming_platformABAP ServerABAP Server & Platform
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1929
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||CRITICAL
EPSS-1.33% / 79.11%
||
7 Day CHG~0.00%
Published-20 Jan, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-2465
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.71%
||
7 Day CHG~0.00%
Published-11 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash.

Action-Not Available
Vendor-SAP SE
Product-hanaSAP HANA
CWE ID-CWE-20
Improper Input Validation
CVE-2016-10079
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-26.45% / 96.12%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.

Action-Not Available
Vendor-n/aSAP SE
Product-saplpdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-2462
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.75% / 72.12%
||
7 Day CHG~0.00%
Published-11 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source.

Action-Not Available
Vendor-SAP SE
Product-netweaverSAP NetWeaver BI
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7993
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.68%
||
7 Day CHG~0.00%
Published-10 Nov, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-38182
Matching Score-6
Assigner-SAP SE
ShareView Details
Matching Score-6
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.47%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 15:44
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster.

Action-Not Available
Vendor-kyma-projectSAP SE
Product-kymaKyma
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 13
  • 14
  • Next
Details not found