Sap Cloud_connector

8 CVEs affecting Sap Cloud_connector. Latest disclosed: 2024-02-13. Critical: 3, High: 2.

Top CVEs affecting Sap Cloud_connector
CVESeverityScorePublishedSummary
CVE-2019-0247Critical9.82019-01-08SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the be…
CVE-2019-0246Critical9.82019-01-08SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.
CVE-2021-33695Critical9.12021-09-15Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.
CVE-2021-33692High7.52021-09-15SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' s…
CVE-2024-25642High7.42024-02-13Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the…
CVE-2021-33693Medium6.82021-09-15SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead…
CVE-2021-33694Medium4.82021-09-15SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious c…
CVE-2023-49578Low3.52023-12-12SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious…