Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-35227
Publication date:
12/07/2022
A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2022

CVE-2022-35224
Publication date:
12/07/2022
SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim�s web browser session.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-32249
Publication date:
12/07/2022
Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-31655
Publication date:
12/07/2022
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.
Severity CVSS v4.0: Pending analysis
Last modification:
16/07/2022

CVE-2022-31654
Publication date:
12/07/2022
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.
Severity CVSS v4.0: Pending analysis
Last modification:
16/07/2022

CVE-2022-31598
Publication date:
12/07/2022
Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
16/07/2022

CVE-2022-31593
Publication date:
12/07/2022
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
16/07/2022

CVE-2022-31592
Publication date:
12/07/2022
The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
16/07/2022

CVE-2022-32247
Publication date:
12/07/2022
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2022

CVE-2022-32248
Publication date:
12/07/2022
Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2022

CVE-2022-35168
Publication date:
12/07/2022
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2022

CVE-2022-35169
Publication date:
12/07/2022
SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2022
Subscribe to Vulnerabilities