Sap Cloud_connector
8 CVEs affecting Sap Cloud_connector. Latest disclosed: 2024-02-13. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-0247 | Critical | 9.8 | 2019-01-08 | SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the be… |
CVE-2019-0246 | Critical | 9.8 | 2019-01-08 | SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. |
CVE-2021-33695 | Critical | 9.1 | 2021-09-15 | Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate. |
CVE-2021-33692 | High | 7.5 | 2021-09-15 | SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' s… |
CVE-2024-25642 | High | 7.4 | 2024-02-13 | Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the… |
CVE-2021-33693 | Medium | 6.8 | 2021-09-15 | SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead… |
CVE-2021-33694 | Medium | 4.8 | 2021-09-15 | SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious c… |
CVE-2023-49578 | Low | 3.5 | 2023-12-12 | SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious… |