Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-27613

    Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would oth... Read more

    Affected Products : chef_business-one-cookbook
    • EPSS Score: %0.04
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2021-27612

    In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.... Read more

    Affected Products : gui_for_windows
    • EPSS Score: %0.18
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 8.2

    HIGH
    CVE-2021-27611

    SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite th... Read more

    Affected Products : netweaver_application_server_abap
    • EPSS Score: %0.11
    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-27610

    SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authe... Read more

    • EPSS Score: %0.55
    • Published: Jun. 16, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-27609

    SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to S... Read more

    Affected Products : focused_run
    • EPSS Score: %0.14
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27608

    An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead to complete compromise of confidentiality, Integrity a... Read more

    Affected Products : setup
    • EPSS Score: %0.12
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27607

    SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allo... Read more

    Affected Products : netweaver_as_abap
    • EPSS Score: %0.50
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27606

    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without sp... Read more

    Affected Products : netweaver_as_abap
    • EPSS Score: %0.28
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-27605

    SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker... Read more

    • EPSS Score: %0.12
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.7

    HIGH
    CVE-2021-27604

    In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.... Read more

    Affected Products : netweaver_process_integration
    • EPSS Score: %0.34
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-27603

    An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby ca... Read more

    • EPSS Score: %0.51
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 9.9

    CRITICAL
    CVE-2021-27602

    SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this author... Read more

    Affected Products : commerce
    • EPSS Score: %1.44
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2021-27601

    SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker... Read more

    • EPSS Score: %0.16
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2021-27600

    SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution (System Rules) tab does not sufficiently... Read more

    Affected Products : manufacturing_execution
    • EPSS Score: %0.22
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-27599

    SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.... Read more

    Affected Products : netweaver_process_integration
    • EPSS Score: %0.23
    • Published: Apr. 14, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-27598

    SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.... Read more

    • EPSS Score: %0.18
    • Published: Apr. 13, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-27597

    SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without spe... Read more

    Affected Products : netweaver_abap
    • EPSS Score: %0.28
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-27596

    When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %0.14
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-27595

    When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %0.14
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-27594

    When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • EPSS Score: %0.15
    • Published: Mar. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291717 Results