Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-33688

    SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained.... Read more

    Affected Products : business_one
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-33687

    SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information.... Read more

    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-33686

    Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.... Read more

    Affected Products : business_one
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-33685

    SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data... Read more

    Affected Products : business_one
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2021-33684

    SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.... Read more

    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33683

    SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, W... Read more

    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33682

    SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to store a malicious script on SAP Lumira Server. The execut... Read more

    Affected Products : lumira_server
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-33681

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the ... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-33680

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the appl... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-33679

    The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious scr... Read more

    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33678

    A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the applic... Read more

    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33677

    SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.... Read more

    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-33676

    A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.... Read more

    Affected Products : customer_relationship_management
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-33675

    Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the ... Read more

    Affected Products : contact_center
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-33674

    Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary cod... Read more

    Affected Products : contact_center
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 8.3

    HIGH
    CVE-2021-33673

    Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the emplo... Read more

    Affected Products : contact_center
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 9.6

    CRITICAL
    CVE-2021-33672

    Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the ... Read more

    Affected Products : contact_center
    • Published: Sep. 14, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-33671

    SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization ... Read more

    Affected Products : netweaver_guided_procedures
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-33670

    SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailab... Read more

    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-33669

    Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. For a successful exploitation user interaction from another user is required and could lead to complete impac... Read more

    Affected Products : mobile_sdk_certificate_provider
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292835 Results