βΌ CVE-2022-47485 βΌ
π Read
via "National Vulnerability Database".
In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39089 βΌ
π Read
via "National Vulnerability Database".
In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48250 βΌ
π Read
via "National Vulnerability Database".
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48247 βΌ
π Read
via "National Vulnerability Database".
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48383 βΌ
π Read
via "National Vulnerability Database".
.In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32112 βΌ
π Read
via "National Vulnerability Database".
Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user toΓ access some of its function. This could lead to modification of data impacting the integrity of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48377 βΌ
π Read
via "National Vulnerability Database".
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48386 βΌ
π Read
via "National Vulnerability Database".
the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48373 βΌ
π Read
via "National Vulnerability Database".
In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48248 βΌ
π Read
via "National Vulnerability Database".
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48388 βΌ
π Read
via "National Vulnerability Database".
In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48376 βΌ
π Read
via "National Vulnerability Database".
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48385 βΌ
π Read
via "National Vulnerability Database".
In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30741 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2023-30743 βΌ
π Read
via "National Vulnerability Database".
Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks userΓ’β¬β’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying userΓ’β¬β’s information through phishing attack.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31406 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48384 βΌ
π Read
via "National Vulnerability Database".
In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47469 βΌ
π Read
via "National Vulnerability Database".
In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32111 βΌ
π Read
via "National Vulnerability Database".
In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48389 βΌ
π Read
via "National Vulnerability Database".
In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48370 βΌ
π Read
via "National Vulnerability Database".
In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.π Read
via "National Vulnerability Database".