Filtered by vendor Sap Subscriptions
Filtered by product Sapcar Subscriptions

Search

Switch to Advanced Search (Beta)
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-42992 1 Sap 1 Sapcar 2025-07-11 6.9 Medium
SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system.
CVE-2025-43001 1 Sap 1 Sapcar 2025-07-11 6.9 Medium
SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with signed archives without breaking the signature, but it has a low impact on the confidentiality and availability of the system.
CVE-2017-8852 1 Sap 1 Sapcar 2025-04-20 N/A
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
CVE-2016-5845 1 Sap 1 Sapcar 2025-04-12 5.5 Medium
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
CVE-2022-26100 1 Sap 1 Sapcar 2024-11-21 9.8 Critical
SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system.