SAP
Recent CVEs
An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation t…
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This ha…
An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious…
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted HTTP request which could…
Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted glo…
SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not d…
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to lear…
Some OCC API endpoints in SAP Commerce Cloud allow Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile number…
In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and …