Skip to main content

S 4Hana

13 CVEs product

Monthly

CVE-2023-42475 MEDIUM This Month

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure S 4Hana
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-42473 MEDIUM This Month

S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass S 4Hana
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40306 MEDIUM This Month

SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect S 4Hana
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-24524 MEDIUM This Month

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass S 4Hana
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-32248 MEDIUM This Month

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure S 4Hana
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-31597 MEDIUM This Month

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP S 4Hana Sapscore
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-31589 MEDIUM This Month

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Erp Financial Accounting Erp Localization For Cee Countries S 4Hana
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-38176 HIGH This Week

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Landscape Transformation Landscape Transformation Replication Server S 4Hana Test Data Migration Server
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-6316 MEDIUM This Month

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp S 4Hana
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-6212 MEDIUM This Month

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp S 4Hana
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-6214 MEDIUM This Month

SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass S 4Hana
NVD
CVSS 3.1
4.7
EPSS
0.6%
CVE-2020-6185 MEDIUM This Month

Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver S 4Hana
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-6184 MEDIUM This Month

Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver S 4Hana
NVD
CVSS 3.1
6.1
EPSS
1.0%
EPSS 0% CVSS 4.3
MEDIUM This Month

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure S 4Hana
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass S 4Hana
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect S 4Hana
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass S 4Hana
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure S 4Hana
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP S 4Hana +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Erp Financial Accounting Erp Localization For Cee Countries +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Landscape Transformation Landscape Transformation Replication Server +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp +1
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass S 4Hana
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy