SAP Vulnerabilities

Product

SAP NetWeaver: 137
SAP 3D Visual Enterprise Viewer: 97
SAP Business Intelligence Platform: 47
SAP NetWeaver AS JAVA: 32
SAP NetWeaver AS ABAP: 28

Remediation

Official Fix: 412
Temporary Fix: 0
Workaround: 3
Unavailable: 4
Not Defined: 748

Exploitability

High: 24
Functional: 0
Proof-of-Concept: 124
Unproven: 32
Not Defined: 987

Access Vector

Not Defined: 0
Physical: 1
Local: 58
Adjacent: 61
Network: 1047

Authentication

Not Defined: 0
High: 70
Low: 382
None: 715

User Interaction

Not Defined: 0
Required: 350
None: 817

Number of entries per CVSS score band, by score source

| Score | CVSSv3 Base | CVSSv3 Temp | VulDB | NVD | CNA | Vendor | Research |
|---|---|---|---|---|---|---|---|
| ≤1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤2 | 1 | 1 | 2 | 0 | 0 | 0 | 0 |
| ≤3 | 9 | 9 | 23 | 4 | 0 | 0 | 0 |
| ≤4 | 64 | 74 | 105 | 13 | 0 | 0 | 0 |
| ≤5 | 243 | 287 | 329 | 90 | 4 | 0 | 0 |
| ≤6 | 313 | 303 | 239 | 110 | 8 | 0 | 0 |
| ≤7 | 201 | 197 | 178 | 135 | 9 | 0 | 0 |
| ≤8 | 206 | 180 | 207 | 125 | 1 | 0 | 0 |
| ≤9 | 70 | 84 | 26 | 87 | 3 | 0 | 0 |
| ≤10 | 60 | 32 | 58 | 77 | 8 | 1 | 0 |

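Number of entries per exploit price band

| Price | Exploit 0-day | Exploit today |
|---|---|---|
| <1k | 2 | 349 |
| <2k | 2 | 79 |
| <5k | 118 | 312 |
| <10k | 427 | 167 |
| <25k | 484 | 260 |
| <50k | 131 | 0 |
| <100k | 2 | 0 |
| ≥100k | 1 | 0 |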

Affected Products (351): 3 (2), 3D Visual Enterprise Viewer (97), ABAP (1), ABAP Application Server (1), ABAP Platform (20), ABAP Platform Kernel (1), ABAP Server (2), AS ABAP (2), ASE (2), ASE Database Platform (1), AS JAVA (2), AS JAVA SSO Authentication Library (1), Adaptive Extensions (1), Adaptive Server Enterprise (17), Afaria (7), Analysis for Microsoft Office (1), Application Server ABAP (1), BI Launchpad (1), BI Universal Data Integration (1), BPC (1), BW-4HANA (1), BW4HANA (2), BWA (1), Background Processing (1), Bank Analyzer (1), Banking Services (3), Base (1), Basic Functions for Business Transactions (1), Basis (6), Basis Component 700 (1), Basis Components- Communication Services (1), Brazil (1), Business Client (4), Business Connector (2), Business Intelligence (11), Business Intelligence Development Workbench (2), Business Intelligence Platform (47), Business Intelligence Promotion Management Applicatio (1), Business Intelligence Promotion Management Application (1), Business Intelligence Suite (2), Business Object Processing Framework (1), BusinessObjects (12), Business Objects (4), BusinessObjects Analysis (1), BusinessObjects BI Platform (3), Business Objects BI Platform (1), BusinessObjects BI Platform Servers (1), BusinessObjects Business Intelligence Platform (10), BusinessObjects Edge (1), BusinessObjects Explorer (2), BusinessObjects Financial Consolidation (2), Business Objects Financial Consolidation (1), BusinessObjects Mobile (1), Business Objects Mobile (1), Business Objects Platform (1), Business Objects Web Intelligence (1), BusinessObjects XI (1), Business One (17), Business One 2005-a (1), Business One Chef Cookbook (1), Business One Client (1), Business One Hana Chef Cookbook (2), Business One Mobile App (1), Business One Service Layer (1), Business One for Android (1), Business Planning and Consolidation (1), Business Warehouse (4), Business Warehouse Accelerator (1), Business Warehouse Universal Data Integration (1), 
Businessobjects (1), Businessobjects Edge (3), BussinessObjects Edge (2), CCMS (1), CCMS Agent (1), CMS (1), CRM (6), CRM WebClient UI (3), Capacity Leveling (1), Central Management Console (1), Change (1), Cloud Connector (6), Cloud Platform (2), Commerce (12), Commerce Cloud (11), CommonCryptoLib (1), Computing Center Management System Monitoring (1), Console (1), Contact Center (4), Content Server (1), Contract Accounting (1), Control - Engineering Workbench (1), Crystal Reports (6), Crystal Reports Server (6), Crystal Reports for VS (1), Crystal Reports for Visual Studio (1), Customer Relationship Management (4), Customer Relationship Management Internet Sales (1), DB (5), DB vServer (1), DMIS Mobile Plug-In (1), Data Hub (1), Data Intelligence (1), Data Services (1), Database (1), Database Monitors (1), Database Server (8), Diagnostic Agent (1), Diagnostics (1), Disclosure Management (15), Document Management Services (1), Download Manager (2), Dynamic Tier (1), E-Commerce (2), E-Recruiting (1), EAPPGLO (1), EC-CUBE (1), EMR Unwired (2), ENGINEAPI (1), EPBC (1), EPBC2 (1), EPM Add-in for Microsoft Office (1), EPM Add-in for SAP Analysis Office (1), ERP (6), ERP Central Component (2), ERP Client for E-Bilanz (1), ERP Financial Accounting (1), ERP Financials Information System (1), ERP HCM (1), ERP HCM Portugal (2), ERP Sales (1), Enable Now (9), Enhancement Pack (1), EnjoySAP (4), Enterprise Central Component (1), Enterprise Financial Services (5), Enterprise Portal (5), Enterprise Resource Planning (1), Enterprise Threat Detection (2), Environment Health And Safety (2), FI Manager Self-Service (1), FSAPPL (1), Financial Consolidation (3), Fiori (2), Fiori BI Launchpad (1), Fiori Client (5), Fiori Launchpad (5), Fiori for SAP S-4HANA (1), Focused RUN (2), Focused Run (2), GRC (1), GUI (7), GUI for Java (1), GUI for Windows (1), Gateway (3), Governance Risk And Compliance (1), Gui (1), Guided Procedures Archive Monitor (1), HANA (28), HANA DB (14), HANA Database 
(4), HANA Extend Application Services (2), HANA Extended Application Services (15), HANA ICM (1), HANA Web-Based Development Workbench (1), HANA Web-based Development Workbench (1), HANA XS (2), HCM Fiori People Profile (1), HCM Travel Management Fiori Apps (1), Hana DB (1), Hana Extend Application Services (1), Host Agent (3), Hostcontrol (1), Hybris (4), Hybris Commerce (2), IQ (1), Identity Management (4), Industry-Specific Components for Hospitals (1), Information Steward (1), InfraBox (1), Infrastructure (1), Innovation Management (1), Intelligence (3), Internet Communication Framework (1), Internet Communication Manager (1), Internet Graphic Server (1), Internet Graphics Server (23), Internet Graphics Service (11), Internet Transaction Server (9), Inventory Manager (2), J2EE Engine (5), Java AS (2), Java Server (1), KERNEL (1), KERNEL 32 (1), KERNEL 64 (1), KRNL32NUC (2), KRNL32UC (1), KRNL64NUC (2), Kernel (8), Knowledge Management (2), Knowledge Warehouse (1), Krnl64nuc (1), Landscape Management (5), Leasing (1), Lumira Server (1), MESSAGING (1), MII (1), Manufacturing Execution (2), Manufacturing Integration (3), Marketing (2), Master Data Governance (2), Master Data Management (1), MaxDB (6), MaxDB ODBC Driver (1), Message Server (1), Mobile Infrastructure (1), Mobile Platform (9), Mobile SDK Certificate Provider (1), Mobile Secure Android Application (2), MySAP Business Suite (1), NZDT Mapping Table Framework (1), NetWeaver (138), NetWeaver ABAP Server (11), NetWeaver AS ABAP (28), NetWeaver AS ABAP Business Server Pages Test Application IT00 (2), NetWeaver AS JAVA (32), NetWeaver AS for ABAP (4), NetWeaver AS for JAVA (2), NetWeaver Application Server (4), NetWeaver Application Server ABAP (4), NetWeaver Application Server Java (7), NetWeaver Application Server Java Web Container (1), NetWeaver Application Server for ABAP (7), NetWeaver Application Server for Java (4), NetWeaver BI (1), NetWeaver Business Client (2), NetWeaver Business Warehouse (1), 
NetWeaver Composite Application Framework (1), NetWeaver Development Infrastructure (3), NetWeaver Dispatcher (3), NetWeaver Gateway (7), NetWeaver Guided Procedures (1), NetWeaver Internet Communication Manager (1), NetWeaver Internet Transaction Server (1), NetWeaver J2EE Engine (2), NetWeaver Knowledge Management (2), NetWeaver Knowledge Management Configuration Service (1), NetWeaver Logviewer (2), NetWeaver Master Data Management (2), NetWeaver Portal (4), NetWeaver Process Integration (12), NetWeaver Process Integration Runtime Workbench (1), NetWeaver UDDI Server (2), NetWeaver for Java Application Server (1), Netweaver (2), Netweaver ABAP Application Server (1), Netweaver Abap (2), Netweaver Business Client For Html (1), Netweaver Business Warehouse (1), Netweaver Enterprise Portal (7), Netweaver Exchange Infrastructure (1), Netweaver Java AS (7), Netweaver Java Application Server (3), Netweaver Nw04s (1), Netweaver Software Lifecycle Manager (1), Netweaver Solution Manager (1), Network Interface Router (3), Oil Industry Solution Traders And Schedulers Workbench (1), Open Hub Service (1), OpenUI5 (1), OrientDB (1), Output Management (1), POS (2), Payment Engine (1), Payroll Process (1), Plant Connectivity (2), Portfolio Management (1), Print (1), Process Integration (4), Process Monitoring Infrastructure (1), Production Planning (1), Profile Maintenance (1), Project Management (1), Project System (1), Quality Management (1), R (2), R3 (4), R3 Enterprise Application (1), R3 Enterprise Retail (1), RFC Library (6), Risk Management (4), S-4 HANA (3), S-4HANA (6), S4 HANA (3), S4CORE (2), S4FPSL (1), S4HANA (2), S4HANA Sales (1), SAF-T Framework (1), SAP-JEECOR (1), SAPCAR (4), SAPCRYPTOLIB (1), SAP Content Server (1), SAPLPD (1), SAPSprint (2), SAPUI5 (1), SAP_ABA (1), SAP_XIAF (1), SAPgui (1), SAProuter (2), SCIMono (2), SHANA (1), SLD Registration Program (1), SQL Anywhere (4), SRM MDM Catalog (1), Server Core (1), Setup (1), Simple Diagnostics Agent (2), 
Software Deployment Manager (2), Software Provisioning Manager (1), Solman (1), Solution Manager (23), SuccessFactors (1), SuccessFactors Mobile Application (1), SuccessFactors Recruiting (1), Supplier Relationship Management (3), Sybase Adaptive Server Enterprise (2), Sybase Unwired Platform Online Data Proxy (1), System Landscape Directory (2), TREX (9), Transaction Data Pool (1), Transport System (1), Treasury (4), UI (2), UI5 (2), UI5 HTTP Handler (1), Upgrade tools (1), Web Application Server (16), Web Dispatcher (3), Web Dynpro ABAP (1), WebDynpro Java (2), Web Dynpro for ABAP (1), Web Dynpro for BSP (1), Web Report Studio (1), Web Services Tool (1), Webintelligence BILaunchPad (1), Work (1), Work Manager (1), adminadapter (1), sap-cloud-sdk (1), saposcol (1)

Link to Vendor Website: https://www.sap.com

| Published | Base | Temp | Vulnerability | Prod | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 29.03.2022 | 3.5 | 3.4 | SAP Innovation Management privilege escalation | Unknown | Not Defined | Official Fix | 0.38 | CVE-2022-27658 |
| 11.03.2022 | 5.3 | 5.1 | SAP Simple Diagnostics Agent Service Port 3005 weak authentication | Unknown | Not Defined | Official Fix | 0.06 | CVE-2022-24396 |
| 11.03.2022 | 5.5 | 5.3 | SAP SAPCAR Archive memory corruption | Unknown | Not Defined | Official Fix | 0.04 | CVE-2022-26100 |
| 11.03.2022 | 3.5 | 3.4 | SAP Focused RUN Real User Monitoring cross-site scripting | Unknown | Not Defined | Official Fix | 0.03 | CVE-2022-24399 |
| 11.03.2022 | 4.6 | 4.4 | SAP Financial Consolidation Homepage Message privilege escalation | Financial Software | Not Defined | Official Fix | 0.04 | CVE-2022-26104 |
| 11.03.2022 | 4.3 | 4.1 | SAP Fiori Launchpad cross-site scripting | Unknown | Not Defined | Official Fix | 0.03 | CVE-2022-26101 |
| 11.03.2022 | 3.5 | 3.4 | SAP Business Intelligence Platform information disclosure | Business Process Management Software | Not Defined | Official Fix | 0.03 | CVE-2022-24398 |
| 11.03.2022 | 5.3 | 5.1 | SAP Simple Diagnostics Agent information disclosure | Unknown | Not Defined | Official Fix | 0.12 | CVE-2022-22547 |
| 10.03.2022 | 3.5 | 3.4 | SAP Netweaver Enterprise Portal cross-site scripting | Solution Stack Software | Not Defined | Official Fix | 0.06 | CVE-2022-24397 |
| 10.03.2022 | 3.5 | 3.4 | SAP Netweaver Enterprise Portal cross-site scripting | Solution Stack Software | Not Defined | Official Fix | 0.12 | CVE-2022-24395 |
| 10.03.2022 | 3.5 | 3.4 | SAP NetWeaver Real Time Messaging Framework privilege escalation | Solution Stack Software | Not Defined | Official Fix | 0.04 | CVE-2022-26103 |
| 10.03.2022 | 5.5 | 5.3 | SAP NetWeaver Application Server for ABAP privilege escalation | Application Server Software | Not Defined | Official Fix | 0.03 | CVE-2022-26102 |
| 19.02.2022 | 3.5 | 3.4 | SAS Web Report Studio javascript: URL logonAndRender.do cross-site scripting | Reporting Software | Not Defined | Not Defined | 0.03 | CVE-2022-25256 |
| 10.02.2022 | 4.3 | 4.1 | SAP 3D Visual Enterprise Viewer Adobe Illustrator File denial of service | Unknown | Not Defined | Official Fix | 0.07 | CVE-2022-22538 |
| 10.02.2022 | 3.5 | 3.4 | SAP S4HANA Supplier Factsheet information disclosure | Unknown | Not Defined | Official Fix | 0.03 | CVE-2022-22542 |
| 10.02.2022 | 6.3 | 6.0 | SAP Adaptive Server Enterprise Environment Variable privilege escalation | Unknown | Not Defined | Official Fix | 0.07 | CVE-2022-22528 |
| 10.02.2022 | 5.5 | 5.3 | SAP ERP HCM Portugal Payroll Data privilege escalation | Enterprise Resource Planning Software | Not Defined | Official Fix | 0.00 | CVE-2022-22535 |
| 10.02.2022 | 4.3 | 4.1 | SAP 3D Visual Enterprise Viewer JPEG File Format denial of service | Unknown | Not Defined | Official Fix | 0.00 | CVE-2022-22539 |
| 10.02.2022 | 4.3 | 4.1 | SAP 3D Visual Enterprise Viewer Tagged Image File denial of service | Unknown | Not Defined | Official Fix | 0.06 | CVE-2022-22537 |
| 10.02.2022 | 3.5 | 3.4 | SAP Business Objects Web Intelligence BI Launchpad cross-site scripting | Unknown | Not Defined | Official Fix | 0.00 | CVE-2022-22546 |
| 10.02.2022 | 4.3 | 4.1 | SAP Solution Manager Diagnostics Root Cause Analysis Tools privilege escalation | Unknown | Not Defined | Official Fix | 0.03 | CVE-2022-22544 |
| 10.02.2022 | 3.5 | 3.4 | SAP NetWeaver Application Server for ABAP SM59 Transaction information disclosure | Application Server Software | Not Defined | Official Fix | 0.00 | CVE-2022-22545 |
| 10.02.2022 | 8.1 | 8.0 | SAP NetWeaver Application Server ABAP privilege escalation | Application Server Software | Not Defined | Official Fix | 0.26 | CVE-2022-22536 |
| 10.02.2022 | 4.3 | 4.1 | SAP NetWeaver privilege escalation | Solution Stack Software | Not Defined | Official Fix | 0.03 | CVE-2022-22534 |
| 10.02.2022 | 5.5 | 5.3 | SAP NetWeaver AS ABAP SQL injection | Solution Stack Software | Not Defined | Official Fix | 0.03 | CVE-2022-22540 |
| 10.02.2022 | 4.3 | 4.1 | SAP NetWeaver Application Server for ABAP Web Dispatcher denial of service | Application Server Software | Not Defined | Official Fix | 0.03 | CVE-2022-22543 |
| 10.02.2022 | 6.6 | 6.5 | SAP NetWeaver Application Server Java memory corruption | Application Server Software | Not Defined | Official Fix | 0.00 | CVE-2022-22533 |
| 10.02.2022 | 8.0 | 7.9 | SAP NetWeaver Application Server Java Server Request memory corruption | Application Server Software | Not Defined | Official Fix | 0.00 | CVE-2022-22532 |
| 15.01.2022 | 2.6 | 2.5 | SAP Enterprise Threat Detection cross-site scripting | Unknown | Not Defined | Official Fix | 0.05 | CVE-2022-22529 |
| 15.01.2022 | 5.5 | 5.3 | SAP S4HANA F0743 Create Single Payment Application privilege escalation | Unknown | Not Defined | Official Fix | 0.03 | CVE-2022-22530 |
| 15.01.2022 | 3.5 | 3.4 | SAP Business One information disclosure | Unknown | Not Defined | Official Fix | 0.00 | CVE-2021-44234 |
| 15.01.2022 | 3.5 | 3.4 | SAP NetWeaver AS ABAP/ABAP Platform Hana Dashboard information disclosure | Solution Stack Software | Not Defined | Official Fix | 0.08 | CVE-2021-42067 |
| 14.12.2021 | 5.5 | 5.3 | SAP SAF-T Framework Privilege Escalation | Unknown | Not Defined | Official Fix | 0.04 | CVE-2021-44232 |
| 14.12.2021 | 5.5 | 5.3 | SAP ABAP Server/ABAP Platform Text Extraction Report privilege escalation | Unknown | Not Defined | Official Fix | 0.04 | CVE-2021-44231 |
| 14.12.2021 | 3.5 | 3.4 | SAP BusinessObjects Business Intelligence Platform Quick Prompt Workflow cross-site scripting | Business Process Management Software | Not Defined | Official Fix | 0.03 | CVE-2021-42061 |
| 14.12.2021 | 5.5 | 5.3 | SAP GRC privilege escalation | Unknown | Not Defined | Official Fix | 0.06 | CVE-2021-44233 |
| 14.12.2021 | 3.5 | 3.4 | SAP Knowledge Warehouse KW cross-site scripting | Knowledge Base Software | Not Defined | Official Fix | 0.00 | CVE-2021-42063 |
| 14.12.2021 | 4.3 | 4.1 | SAP 3D Visual Enterprise Viewer JT File denial of service | Unknown | Not Defined | Official Fix | 0.05 | CVE-2021-42070 |
| 14.12.2021 | 4.3 | 4.1 | SAP 3D Visual Enterprise Viewer TIF Image File denial of service | Unknown | Not Defined | Official Fix | 0.04 | CVE-2021-42069 |
| 14.12.2021 | 4.3 | 4.1 | SAP 3D Visual Enterprise Viewer GIF File denial of service | Unknown | Not Defined | Official Fix | 0.03 | CVE-2021-42068 |
| 14.12.2021 | 2.4 | 2.3 | SAP Business One weak encryption | Unknown | Not Defined | Official Fix | 0.11 | CVE-2021-42066 |
| 14.12.2021 | 4.3 | 4.1 | SAP NetWeaver AS ABAP Transaction privilege escalation | Solution Stack Software | Not Defined | Official Fix | 0.09 | CVE-2021-44235 |
| 14.12.2021 | 5.0 | 4.8 | SAP Commerce Flexible Search Java API Privilege Escalation | Unknown | Not Defined | Official Fix | 0.04 | CVE-2021-42064 |
| 10.11.2021 | 3.5 | 3.4 | SAP ERP HCM Portugal Report privilege escalation | Enterprise Resource Planning Software | Not Defined | Official Fix | 0.00 | CVE-2021-42062 |
| 10.11.2021 | 3.5 | 3.4 | SAP GUI information disclosure | Unknown | Not Defined | Official Fix | 0.03 | CVE-2021-40503 |
| 10.11.2021 | 6.3 | 6.0 | SAP Commerce B2B Unit privilege escalation | Unknown | Not Defined | Official Fix | 0.04 | CVE-2021-40502 |
| 10.11.2021 | 5.5 | 5.3 | SAP ABAP Platform Kernel privilege escalation | Unknown | Not Defined | Official Fix | 0.03 | CVE-2021-40501 |
| 10.11.2021 | 5.5 | 5.3 | SAP NetWeaver Application Server for ABAP Template Role privilege escalation | Application Server Software | Not Defined | Official Fix | 0.00 | CVE-2021-40504 |
| 06.11.2021 | 4.8 | 4.7 | SAP sap-cloud-sdk information disclosure | Cloud Software | Not Defined | Official Fix | 0.04 | CVE-2021-41251 |
| 12.10.2021 | 5.5 | 5.3 | SAP Business One Excel Export privilege escalation | Unknown | Not Defined | Official Fix | 0.04 | CVE-2021-38180 |

1117 more entries are not shown
