Sap Vulnérabilités

Chronologie

Taper

Produit

SAP NetWeaver146
SAP 3D Visual Enterprise Viewer125
SAP Business Intelligence Platform50
SAP BusinessObjects Business Intelligence Platform34
SAP NetWeaver AS JAVA34

Contre-mesures

Official Fix674
Temporary Fix0
Workaround3
Unavailable4
Not Defined758

Exploitabilité

High24
Functional0
Proof-of-Concept125
Unproven32
Not Defined1258

Vecteur d'accès

Not Defined0
Physical2
Local62
Adjacent102
Network1273

Authentification

Not Defined0
High96
Low490
None853

Interaction de l'utilisateur

Not Defined0
Required482
None957

C3BM Index

CVSSv3 Base

≤10
≤21
≤311
≤480
≤5329
≤6384
≤7262
≤8222
≤985
≤1065

CVSSv3 Temp

≤10
≤21
≤312
≤492
≤5370
≤6385
≤7250
≤8194
≤9101
≤1034

VulDB

≤10
≤23
≤337
≤4159
≤5426
≤6268
≤7225
≤8226
≤936
≤1059

NVD

≤10
≤20
≤34
≤413
≤5102
≤6146
≤7161
≤8170
≤9103
≤1088

CNA

≤10
≤20
≤32
≤48
≤523
≤634
≤765
≤814
≤921
≤1025

Fournisseur

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤101

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Exploiter 0 jour

<1k2
<2k3
<5k144
<10k580
<25k588
<50k119
<100k2
≥100k1

Exploiter aujourd'hui

<1k533
<2k151
<5k318
<10k248
<25k189
<50k0
<100k0
≥100k0

Exploiter le volume du marché

🔴 CTI Activités

Affected Products (416): 3 (2), 3D Visual Enterprise Author (33), 3D Visual Enterprise Viewer (125), ABAP (1), ABAP (1), ABAP Application Server (1), ABAP Managed Systems (1), ABAP Platform (29), ABAP Platform Kernel (1), ABAP Server (2), AIF (1), AS ABAP (2), ASE (2), ASE Database Platform (1), AS JAVA (2), AS JAVA SSO Authentication Library (1), AS NetWeaver JAVA (1), Adaptive Extensions (1), Adaptive Server Enterprise (18), Afaria (7), Analysis for Microsoft Office (1), Application Interface (2), Application Interface Framework (1), Application Server ABAP (1), Application Server Java (1), Authenticator (2), BASIS (1), BI Launchpad (1), BI Universal Data Integration (1), BOE AdminTools (1), BOE SDK (1), BPC (1), BPC MS (1), BSP Application (1), BW-4HANA (2), BW4HANA (2), BWA (1), Background Processing (1), Bank Account Management (1), Bank Analyzer (1), Banking Services (3), Base (1), Basic Functions for Business Transactions (1), Basis (6), Basis Component 700 (1), Basis Components- Communication Services (1), Biller Direct (1), Brazil (1), Business Client (4), Business Connector (2), Business Intelligence (11), Business Intelligence Development Workbench (2), Business Intelligence Platform (50), Business Intelligence Promotion Management Applicatio (1), Business Intelligence Promotion Management Application (1), Business Intelligence Suite (2), Business Object (1), Business Object Processing Framework (1), Business Objects (5), BusinessObjects (12), BusinessObjects Analysis (1), BusinessObjects BI LaunchPad (1), BusinessObjects BI Platform (4), Business Objects BI Platform (1), BusinessObjects BI Platform Servers (1), BusinessObjects BW Publisher Service (1), BusinessObjects Business Intelligence (1), BusinessObjects Business Intelligence Analysis Edition for OLAP (1), BusinessObjects Business Intelligence Platform (34), Business Objects Business Intelligence Platform (1), BusinessObjects Business Intelligence Platform CMC Application (1), BusinessObjects CMC (1), BusinessObjects Edge (1), BusinessObjects Enterprise (1), BusinessObjects Explorer (2), BusinessObjects Financial Consolidation (2), Business Objects Financial Consolidation (1), BusinessObjects Mobile (1), Business Objects Mobile (1), BusinessObjects Platform (1), Business Objects Platform (2), Business Objects Web Intelligence (2), BusinessObjects XI (1), Business One (19), Business One 2005-a (1), Business One Chef Cookbook (1), Business One Client (2), Business One Hana Chef Cookbook (2), Business One Mobile App (1), Business One Service Layer (1), Business One for Android (1), Business Planning and Consolidation (4), Business Warehouse (5), Business Warehouse Accelerator (1), Business Warehouse Universal Data Integration (1), Businessobjects (1), Businessobjects Edge (3), Business one (1), Business one License Service API (1), BussinessObjects Edge (2), CCMS (1), CCMS Agent (1), CMS (1), CRM (9), CRM ABAP (1), CRM WebClient UI (5), Capacity Leveling (1), Central Management Console (1), Change (1), Cloud Connector (6), Cloud Platform (2), Commerce (13), Commerce Cloud (11), Commerce Webservices (1), CommonCryptoLib (1), Computing Center Management System Monitoring (1), Console (1), Contact Center (4), Content Server (2), Contract Accounting (1), Contract Lifecycle Management (1), Control - Engineering Workbench (1), Crystal Reports (6), Crystal Reports Server (6), Crystal Reports for VS (1), Crystal Reports for Visual Studio (1), Customer Data Cloud (2), Customer Relationship Management (4), Customer Relationship Management Internet Sales (1), DB (5), DB vServer (1), DMIS Mobile Plug-In (1), Data Hub (1), Data Intelligence (1), Data Services (1), Database (1), Database Monitors (1), Database Server (8), Diagnostic Agent (1), Diagnostics (1), Diagnostics Agent (2), Digital Manufacturing (1), Disclosure Management (16), Document Management Services (1), Download Manager (2), Dynamic Tier (1), E-Commerce (2), E-Recruiting (1), EAPPGLO (1), EC-CUBE (1), EMR Unwired (2), ENGINEAPI (1), EPBC (1), EPBC2 (1), EPM Add-in for Microsoft Office (1), EPM Add-in for SAP Analysis Office (1), ERP (8), ERP Central Component (2), ERP Client for E-Bilanz (1), ERP Defense Forces and Public Security (1), ERP Financial Accounting (1), ERP Financials Information System (1), ERP HCM (1), ERP HCM Portugal (2), ERP Sales (1), Employee Self Service (1), Enable Now (14), Enhancement Pack (1), EnjoySAP (4), Enterprise Central Component (1), Enterprise Extension Defense Forces & Public Security (1), Enterprise Financial Services (5), Enterprise Portal (6), Enterprise Resource Planning (1), Enterprise Threat Detection (2), Environment Health And Safety (2), FI Manager Self-Service (1), FSAPPL (1), Financial Consolidation (7), Fiori (2), Fiori BI Launchpad (1), Fiori Client (5), Fiori Launchpad (6), Fiori for SAP S-4HANA (1), Focused RUN (2), Focused Run (3), GRC (2), GRC Access control Emergency Access Management (1), GUI (9), GUI for HTML (1), GUI for Java (1), GUI for Windows (1), Gateway (3), Governance Risk And Compliance (1), Gui (1), Guided Procedures Archive Monitor (1), HANA (29), HANA DB (14), HANA Database (5), HANA Extend Application Services (2), HANA Extended Application Services (15), HANA ICM (1), HANA Web-Based Development Workbench (1), HANA Web-based Development Workbench (1), HANA XS (2), HCM Fiori App My Forms (1), HCM Fiori People Profile (1), HCM Travel Management Fiori Apps (1), Hana DB (1), Hana Extend Application Services (1), Host Agent (8), Hostcontrol (1), Hybris (4), Hybris Commerce (2), IQ (2), Identity Management (4), Industry-Specific Components for Hospitals (1), Information Steward (1), InfraBox (1), Infrastructure (1), Innovation Management (1), Intelligence (3), Internet Communication Framework (1), Internet Communication Manager (4), Internet Graphic Server (1), Internet Graphics Server (23), Internet Graphics Service (11), Internet Transaction Server (9), Inventory Manager (2), J2EE Engine (5), Java AS (2), Java Server (1), KERNEL (1), KERNEL 32 (1), KERNEL 64 (1), KRNL32NUC (2), KRNL32UC (1), KRNL64NUC (2), Kernel (8), Knowledge Management (2), Knowledge Warehouse (1), Krnl64nuc (1), Landscape Management (6), Leasing (1), Lumira Server (1), MESSAGING (1), MII (1), Management Console (1), Manufacturing Execution (3), Manufacturing Integration (3), Marketing (2), Master Data Governance (2), Master Data Management (1), Master Data Synchronization (1), MaxDB (6), MaxDB ODBC Driver (1), Message Server (1), Mobile Infrastructure (1), Mobile Platform (9), Mobile SDK Certificate Provider (1), Mobile Secure Android Application (2), MySAP Business Suite (1), NW EP (1), NZDT Mapping Table Framework (1), NetWeaver (147), NetWeaver ABAP (1), NetWeaver ABAP Server (14), NetWeaver AS ABAP (32), NetWeaver AS ABAP Business Server Pages Test Application IT00 (2), NetWeaver AS JAVA (34), NetWeaver AS Java (1), NetWeaver AS Java for Deploy Service (1), NetWeaver AS for ABAP (5), NetWeaver AS for ABAP and ABAP Platform (3), NetWeaver AS for JAVA (2), NetWeaver AS for Java (3), NetWeaver Administrator (1), NetWeaver Application Server (4), NetWeaver Application Server ABAP (14), NetWeaver Application Server Java (7), NetWeaver Application Server Java Web Container (1), NetWeaver Application Server Java for Classload Service (1), NetWeaver Application Server for ABAP (8), NetWeaver Application Server for ABAP and ABAP Platform (4), NetWeaver Application Server for Java (6), NetWeaver BI (1), NetWeaver Business Client (2), NetWeaver Business Warehouse (1), NetWeaver Composite Application Framework (1), NetWeaver Developer Studio (1), NetWeaver Development Infrastructure (4), NetWeaver Dispatcher (3), NetWeaver Enterprise Portal (2), NetWeaver Gateway (7), NetWeaver Guided Procedures (1), NetWeaver Internet Communication Manager (1), NetWeaver Internet Transaction Server (1), NetWeaver J2EE Engine (2), NetWeaver Knowledge Management (2), NetWeaver Knowledge Management Configuration Service (1), NetWeaver Logviewer (2), NetWeaver Master Data Management (2), NetWeaver Portal (4), NetWeaver Process Integration (16), NetWeaver Process Integration Runtime Workbench (1), NetWeaver UDDI Server (2), NetWeaver for Java Application Server (1), Netweaver (3), Netweaver ABAP Application Server (1), Netweaver Abap (2), Netweaver Business Client For Html (1), Netweaver Business Warehouse (1), Netweaver Enterprise Portal (13), Netweaver Exchange Infrastructure (1), Netweaver Java AS (7), Netweaver Java Application Server (3), Netweaver Nw04s (1), Netweaver Software Lifecycle Manager (1), Netweaver Solution Manager (1), Network Interface Router (3), Oil Industry Solution Traders And Schedulers Workbench (1), Open Hub Service (1), OpenUI5 (1), OrientDB (1), Output Management (1), POS (2), Payment Engine (1), Payroll Process (1), Plant Connectivity (3), Portfolio Management (1), PowerDesigner (1), PowerDesigner Proxy (1), Print (1), Process Integration (4), Process Monitoring Infrastructure (1), Production Planning (1), Profile Maintenance (1), Project Management (1), Project System (1), Quality Management (1), R (2), R3 (4), R3 Enterprise Application (1), R3 Enterprise Retail (1), RFC Library (6), Risk Management (4), S-4 HANA (3), S-4HANA (7), S4 HANA (4), S4CORE (2), S4FPSL (1), S4HANA (5), S4HANA Sales (1), SAF-T Framework (1), SAP-JEECOR (1), SAP BusinessObjects Business Intelligence Platform (4), SAPCAR (4), SAPCRYPTOLIB (1), SAP Content Server (1), SAP Host Agent (1), SAPLPD (1), SAP NetWeaver Application Server (1), SAPRSBRO (1), SAPSprint (2), SAPUI5 (2), SAPUI5 Library (1), SAP Web Dispatcher (1), SAP_ABA (1), SAP_APPL (1), SAP_XIAF (1), SAPgui (1), SAProuter (2), SCIMono (2), SE (1), SHANA (1), SLD Registration Program (1), SQL Anywhere (8), SRM MDM Catalog (1), SapSetup (1), Server Core (1), Setup (1), Simple Diagnostics Agent (2), Software Deployment Manager (2), Software Provisioning Manager (1), Solman (1), Solution Manager (32), Sourcing (1), SuccessFactors (1), SuccessFactors Mobile Application (2), SuccessFactors Recruiting (1), Supplier Relationship Management (3), Sybase Adaptive Server Enterprise (2), Sybase Unwired Platform Online Data Proxy (1), System Landscape Directory (2), TREX (9), Transaction Data Pool (1), Transport System (1), Treasury (4), UI (2), UI5 (2), UI5 HTTP Handler (1), UI5 Variant Management (1), Upgrade tools (1), Web Application Server (16), Web Dispatcher (8), Web Dynpro ABAP (1), WebDynpro Java (2), Web Dynpro for ABAP (1), Web Dynpro for BSP (1), Web Services Tool (1), Webintelligence BILaunchPad (1), Work (1), Work Manager (1), adminadapter (1), sap-cloud-sdk (1), saposcol (1)

Link to Vendor Website: https://www.sap.com

PubliéBaseTempVulnérabilitéProdExpConCTIEPSSCVE
11/07/20235.25.1SAP Enable Now cross site scriptingInconnueNot DefinedOfficial Fix0.000.00054CVE-2023-33988
11/07/20235.25.1SAP Enable Now Response Header cross site scriptingInconnueNot DefinedOfficial Fix0.230.00054CVE-2023-36918
11/07/20236.86.7SAP SQL Anywhere Service dénie de serviceInconnueNot DefinedOfficial Fix0.270.00043CVE-2023-33990
11/07/20234.64.5SAP Business Warehouse/BW-4HANA BW BICS Communication Layer elévation de privilègesInconnueNot DefinedOfficial Fix0.000.00049CVE-2023-33992
11/07/20237.37.1SAP Solution Manager Diagnostics Agent elévation de privilègesInconnueNot DefinedOfficial Fix0.030.00052CVE-2023-36925
11/07/20234.34.3SAP ERP Defense Forces and Public Security elévation de privilègesEnterprise Resource Planning SoftwareNot DefinedOfficial Fix0.030.00046CVE-2023-36924
11/07/20237.37.1SAP Solution Manager Diagnostics Agent Remote Code ExecutionInconnueNot DefinedOfficial Fix0.270.00046CVE-2023-36921
11/07/20235.35.2SAP Enable Now Response Header divulgation de l'informationInconnueNot DefinedOfficial Fix0.160.00054CVE-2023-36919
11/07/20236.36.3SAP S-4HANA Manage Journal Entry Template dénie de serviceInconnueNot DefinedOfficial Fix0.030.00046CVE-2023-35870
11/07/20235.75.7SAP BusinessObjects Business Intelligence Platform elévation de privilègesBusiness Process Management SoftwareNot DefinedOfficial Fix0.040.00087CVE-2023-36917
11/07/20237.87.7SAP Web Dispatcher Request dénie de serviceInconnueNot DefinedOfficial Fix0.040.00102CVE-2023-33987
11/07/20238.48.3SAP Web Dispatcher buffer overflowInconnueNot DefinedOfficial Fix0.430.00057CVE-2023-35871
11/07/20237.27.1SAP NetWeaver BI CONT Add-On directory traversalSolution Stack SoftwareNot DefinedOfficial Fix0.320.00046CVE-2023-33989
11/07/20235.95.8SAP NetWeaver AS for Java Request elévation de privilègesSolution Stack SoftwareNot DefinedOfficial Fix0.080.00052CVE-2023-31405
11/07/20238.48.3SAP NetWeaver ABAP Function Module elévation de privilègesSolution Stack SoftwareNot DefinedOfficial Fix0.050.00052CVE-2023-36922
11/07/20236.96.8SAP NetWeaver Process Integration Runtime Workbench SAP_XITOOL authentification faibleSolution Stack SoftwareNot DefinedOfficial Fix0.030.00052CVE-2023-35873
11/07/20236.96.8SAP NetWeaver Process Integration Message Display Tool authentification faibleSolution Stack SoftwareNot DefinedOfficial Fix0.030.00052CVE-2023-35872
11/07/20235.55.4SAP NetWeaver Application Server ABAP/ABAP Platform authentification faibleApplication Server SoftwareNot DefinedOfficial Fix0.000.00044CVE-2023-35874
13/06/20235.85.8SAP UI5 Variant Management cross site scriptingInconnueNot DefinedOfficial Fix0.000.00048CVE-2023-33991
13/06/20235.25.1SAP CRM ABAP Grantor Management cross site scriptingCustomer Relationship Management SystemNot DefinedOfficial Fix0.050.00046CVE-2023-33986
13/06/20234.94.9SAP Master Data Synchronization MDS Compare Tool elévation de privilègesInconnueNot DefinedOfficial Fix0.450.00043CVE-2023-32115
13/06/20236.26.1SAP Plant Connectivity/Digital Manufacturing JSON Web Token authentification faibleInconnueNot DefinedOfficial Fix0.000.00043CVE-2023-2827
13/06/20235.25.1SAP NetWeaver Enterprise Portal cross site scriptingSolution Stack SoftwareNot DefinedOfficial Fix0.030.00046CVE-2023-33985
13/06/20235.15.1SAP NetWeaver Design Time Repository cross site scriptingSolution Stack SoftwareNot DefinedOfficial Fix0.070.00045CVE-2023-33984
13/06/20232.72.6SAP NetWeaver Change/Transport System dénie de serviceSolution Stack SoftwareNot DefinedOfficial Fix0.050.00044CVE-2023-32114
09/05/20235.25.1SAP CRM WebClient UI cross site scriptingCustomer Relationship Management SystemNot DefinedOfficial Fix0.040.00046CVE-2023-30742
09/05/20234.44.4SAP CRM WebClient UI cross site scriptingCustomer Relationship Management SystemNot DefinedNot Defined0.050.00045CVE-2023-29188
09/05/20234.44.4SAP Business Planning and Consolidation cross site scriptingInconnueNot DefinedOfficial Fix0.030.00045CVE-2023-31407
09/05/20234.14.0SAP SAP_APPL elévation de privilègesInconnueNot DefinedOfficial Fix0.000.00043CVE-2023-32112
09/05/20235.85.8SAP SAPUI5 URL Validation cross site scriptingInconnueNot DefinedOfficial Fix0.090.00046CVE-2023-30743
09/05/20237.57.3SAP PowerDesigner Proxy buffer overflowInconnueNot DefinedOfficial Fix0.110.00046CVE-2023-32111
09/05/20235.05.0SAP GUI NTLM Authentication divulgation de l'informationInconnueNot DefinedOfficial Fix0.040.00091CVE-2023-32113
09/05/20236.36.3SAP BusinessObjects Business Intelligence Platform Login Token divulgation de l'informationBusiness Process Management SoftwareNot DefinedOfficial Fix0.070.00050CVE-2023-28762
09/05/20235.25.1SAP BusinessObjects Business Intelligence Platform RedirectBusiness Process Management SoftwareNot DefinedOfficial Fix0.350.00052CVE-2023-30741
09/05/20235.25.1SAP BusinessObjects Business Intelligence Platform RedirectBusiness Process Management SoftwareNot DefinedOfficial Fix0.030.00052CVE-2023-31406
09/05/20234.64.5SAP BusinessObjects Business Intelligence Platform Central Management Service divulgation de l'informationBusiness Process Management SoftwareNot DefinedOfficial Fix0.030.00045CVE-2023-31404
09/05/20236.16.0SAP BusinessObjects Business Intelligence Platform divulgation de l'informationBusiness Process Management SoftwareNot DefinedOfficial Fix0.090.00048CVE-2023-30740
09/05/20234.44.4SAP BusinessObjects Platform Information Design Tool divulgation de l'informationInconnueNot DefinedNot Defined0.030.00093CVE-2023-28764
09/05/20238.28.1SAP AS NetWeaver JAVA elévation de privilègesProgramming Language SoftwareNot DefinedOfficial Fix0.000.00102CVE-2023-30744
11/04/20233.53.4SAP HCM Fiori App My Forms elévation de privilègesHuman Capital Management SoftwareNot DefinedOfficial Fix0.000.00045CVE-2023-1903
11/04/20234.84.7SAP GUI for HTML cross site scriptingInconnueNot DefinedOfficial Fix0.040.00046CVE-2023-27499
11/04/20237.17.0SAP SapSetup Software Installation Program elévation de privilègesInconnueNot DefinedOfficial Fix0.000.00043CVE-2023-29187
11/04/20235.95.7SAP CRM WebClient UI directory traversalCustomer Relationship Management SystemNot DefinedOfficial Fix0.150.00045CVE-2023-29189
11/04/20239.99.7SAP Diagnostics Agent EventLogServiceCollector authentification faibleInconnueNot DefinedOfficial Fix0.030.00091CVE-2023-27497
11/04/20238.48.3SAP Diagnostics Agent Command Bridge authentification faibleInconnueNot DefinedOfficial Fix0.030.00091CVE-2023-27267
11/04/20234.24.2SAP Application Interface Message Monitoring cross site scriptingInconnueNot DefinedOfficial Fix0.120.00045CVE-2023-29112
11/04/20233.93.8SAP AIF ODATA Service divulgation de l'informationInconnueNot DefinedOfficial Fix0.000.00045CVE-2023-29111
11/04/20234.24.2SAP Application Interface Message Dashboard cross site scriptingInconnueNot DefinedOfficial Fix0.030.00045CVE-2023-29110
11/04/20234.54.5SAP Application Interface Framework Message Dashboard elévation de privilègesInconnueNot DefinedOfficial Fix0.090.00045CVE-2023-29109
11/04/20236.76.7SAP BusinessObjects Business Intelligence Platform Promotion Management divulgation de l'informationBusiness Process Management SoftwareNot DefinedOfficial Fix0.000.00091CVE-2023-28765

1389 plus d'entrées ne sont pas affichées

Do you want to use VulDB in your project?

Use the official API to access entries easily!