Skip to main content

Application Interface Framework

4 CVEs product

Monthly

CVE-2024-21737 HIGH This Month

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

SAP RCE Code Injection Application Interface Framework
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-29111 MEDIUM This Month

The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Application Interface Framework
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-29110 MEDIUM This Month

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Abap Platform Application Interface Framework Basis +1
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-29109 MEDIUM This Month

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Code Injection Abap Platform Application Interface Framework Basis +1
NVD
CVSS 3.1
4.6
EPSS
0.3%
EPSS 0% CVSS 8.4
HIGH This Month

In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

SAP RCE Code Injection +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Application Interface Framework
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Abap Platform +3
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Code Injection Abap Platform +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy