Every CVE whose affected-product data names Sap Cloud Connector, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2019-0247 — CVSS 9.8 (critical): SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could…
CVE-2019-0246 — CVSS 9.8 (critical): SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.
CVE-2021-33695 — CVSS 9.1 (critical): Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.
CVE-2021-33692 — CVSS 7.5 (high): SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements…
CVE-2024-25642 — CVSS 7.4 (high): Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact…
CVE-2021-33693 — CVSS 6.8 (medium): SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that…
CVE-2021-33694 — CVSS 4.8 (medium): SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to…
CVE-2023-49578 — CVSS 3.5 (low): SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by…