SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a mali
SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials. While this issue does not impact the Integrit
SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on th
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This l
Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. With this,
Under certain conditions, the memory of SAP GUI
for Windows contains the password used to log on to an SAP system, which might
allow an attacker to get hold of the password and impersonate the affecte
SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able
SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific
Due to insufficient input validation, SAP Commerce (Swagger UI) allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the p
SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege esca
Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead
Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the s
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) f
Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload
SAP Business Warehouse - Business Planning and
Simulation application does not sufficiently encode user-controlled inputs,
resulting in Stored Cross-Site Scripting (XSS) vulnerability. This
vulnerabil
DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of their choice i
SAPUI5 (Search UI) allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clickin
Page 1+ Next →