SAP Vulnerabilities

Comprehensive security vulnerability database for SAP products

Last updated: Oct 11, 2022
Total CVEs: 18
Critical: 3
With Exploits: 9
Last 30 Days: 0

Severity Distribution

Critical: 3 (17%)
High: 13 (72%)
Medium: 2 (11%)
Low: 0 (0%)

Description | Vendor / Product | Exploit Status

CVE-2022-41167 (CVSS 7.8)

This vulnerability allows an attacker to run malicious code on a victim's computer when they open a specially crafted AutoCAD file in SAP 3D Visual Enterprise Author. The attacker needs the victim to open this manipulated file, which can come from untrusted sources, to exploit the flaw.

Vendor / Product: sap / 3d visual enterprise author
Exploit Status: Theoretical
Oct 11, 2022 (over 3 years ago)

CVE-2022-39808 (CVSS 7.8)

This vulnerability allows an attacker to execute malicious code on a victim's system by tricking them into opening a specially crafted 3D object file in SAP 3D Visual Enterprise Author. It requires the victim to open a file from an untrusted source, which can lead to serious security breaches.

Vendor / Product: sap / 3d visual enterprise author
Exploit Status: Theoretical
Oct 11, 2022 (over 3 years ago)

CVE-2022-39806 (CVSS 7.8)

This vulnerability allows an attacker to run malicious code on a victim's computer if they open a specially crafted SolidWorks Drawing file in SAP 3D Visual Enterprise Author version 9. The attacker needs the victim to open this manipulated file, which could come from untrusted sources, to exploit the flaw.

Vendor / Product: sap / 3d visual enterprise author
Exploit Status: Theoretical
Oct 11, 2022 (over 3 years ago)

CVE-2022-39805 (CVSS 7.8)

This vulnerability allows an attacker to run malicious code on a victim's computer by tricking them into opening a specially crafted graphics file in SAP 3D Visual Enterprise Author. It requires the victim to open a file from an untrusted source, which can lead to serious security breaches.

Vendor / Product: sap / 3d visual enterprise author
Exploit Status: Theoretical
Oct 11, 2022 (over 3 years ago)

CVE-2022-39804 (CVSS 7.8)

An attacker can execute malicious code on a victim's system by tricking them into opening a specially crafted SolidWorks Part file in SAP 3D Visual Enterprise Author. This vulnerability requires the victim to open a file from an untrusted source, which can lead to serious security breaches.

Vendor / Product: sap / 3d visual enterprise author
Exploit Status: Exploit Available
Oct 11, 2022 (over 3 years ago)

CVE-2022-39803 (CVSS 7.8)

This vulnerability allows an attacker to run malicious code on a victim's computer if they open a specially crafted 3D file from an untrusted source in SAP 3D Visual Enterprise Author. It requires the victim to open the manipulated file, which can exploit memory management flaws in the software.

Vendor / Product: sap / 3d visual enterprise author
Exploit Status: Theoretical
Oct 11, 2022 (over 3 years ago)

CVE-2022-35226 (CVSS 6.1)

This vulnerability allows an attacker to inject malicious scripts into the responses of certain pages in the SAP Data Services Management console, potentially compromising users who view those responses. However, the attacker must first log in to the management console, limiting the risk to those with access.

Vendor / Product: sap / data services
Exploit Status: Theoretical
Oct 11, 2022 (over 3 years ago)

CVE-2022-35290 (CVSS 7.5)

This vulnerability allows an attacker to access restricted information in the SAP Authenticator app for Android. It occurs under specific conditions, meaning that certain circumstances must be met for the attack to succeed.

Vendor / Product: sap / authenticator
Exploit Status: Theoretical
Aug 10, 2022 (over 3 years ago)

CVE-2022-28771 (CVSS 7.5)

This vulnerability allows an attacker to send harmful requests to the SAP Business One License service without needing to log in, potentially crashing the entire application and making it unavailable to users. The attacker only needs network access to exploit this flaw, which means they don't need any special permissions or credentials.

Vendor / Product: sap / business one license service api
Exploit Status: Exploit Available
Jul 12, 2022 (over 3 years ago)

CVE-2022-31595 (CVSS 8.8)

This vulnerability allows an attacker with an authenticated account to gain higher privileges than intended, potentially letting them access sensitive data or perform unauthorized actions within the SAP Financial Consolidation system. It occurs because the software fails to properly check if the user has permission for certain actions, meaning that simply being logged in is enough for exploitation.

Vendor / Product: sap / adaptive server enterprise
Exploit Status: Theoretical
Jun 14, 2022 (almost 4 years ago)

CVE-2022-28773 (CVSS 7.5)

This vulnerability allows an attacker to cause the SAP Web Dispatcher and Internet Communication Manager to crash, resulting in a denial of service that temporarily disrupts access to the application. The attacker needs to send specially crafted requests that trigger uncontrolled recursion, but the system can automatically restart afterward.

Vendor / Product: sap / netweaver
Exploit Status: Theoretical
Apr 12, 2022 (almost 4 years ago)

CVE-2022-22536 (CVSS 10.0)

This vulnerability allows an attacker to sneak malicious data into a victim's web request, enabling them to impersonate the victim and potentially manipulate or steal sensitive information. The attacker does not need to be authenticated, making it easier to exploit systems like SAP Content Server and related applications.

Vendor / Product: sap / content server
Exploit Status: Exploit Available
Feb 9, 2022 (about 4 years ago)

CVE-2022-22531 (CVSS 8.1)

An attacker with basic user rights can upload or download files in the SAP S/4HANA application, allowing them to run malicious scripts that could expose or alter sensitive information. This vulnerability arises because the application fails to properly check the files being handled.

Vendor / Product: sap / s/4hana
Exploit Status: Exploit Available
Jan 14, 2022 (about 4 years ago)

CVE-2022-22530 (CVSS 8.1)

This vulnerability allows an attacker with basic user rights to upload harmful files or code into the SAP S/4HANA application, potentially leading to unauthorized changes to critical information or making the application unavailable. The issue arises because the application does not properly check the files being uploaded or downloaded, making it easy for attackers to exploit.

Vendor / Product: sap / s/4hana
Exploit Status: Exploit Available
Jan 14, 2022 (about 4 years ago)

CVE-2022-22529 (CVSS 6.1)

An attacker can exploit a weakness in SAP Enterprise Threat Detection to inject malicious scripts into the user interface, potentially allowing them to steal sensitive information or perform actions on behalf of other users. This vulnerability arises because the system does not properly handle user inputs, and it mainly affects the web interfaces that rely on the SAP UI5 framework.

Vendor / Product: sap / enterprise threat detection
Exploit Status: Exploit Available
Jan 14, 2022 (about 4 years ago)

CVE-2021-38180 (CVSS 9.8)

An attacker can inject harmful commands into an Excel file exported from SAP Business One, which could then run on the victim's computer if they open the file and enable macros in Excel. This means that the victim's security settings must allow for running these commands for the attack to succeed.

Vendor / Product: sap / business one
Exploit Status: Exploit Available
Oct 12, 2021 (over 4 years ago)

CVE-2021-38163 (CVSS 8.8)

This vulnerability allows an attacker, who is already logged in as a regular user, to upload a harmful file that can execute commands on the server with high-level privileges. This means they could access, change, or delete sensitive information, or even take the server offline, making it unusable.

Vendor / Product: sap / netweaver
Exploit Status: Exploit Available
Sep 14, 2021 (over 4 years ago)

CVE-2021-38162 (CVSS 9.4)

This vulnerability allows an attacker to send specially crafted requests to an SAP Web Dispatcher, which can trick the connected back-end server into executing harmful commands. The attacker does not need to be authenticated, but they may need to send multiple requests to successfully exploit the issue.

Vendor / Product: sap / web dispatcher
Exploit Status: Exploit Available
Sep 14, 2021 (over 4 years ago)

About SAP Security

This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting SAP products. Our database is updated in real time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.

Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.