SAP (vendor): 254 CVEs

CVE-2026-27680 LOW Monitor

CSS injection in SAP NetWeaver Application Server ABAP allows unauthenticated remote attackers to inject malicious Cascading Style Sheets into web pages served by the application, with exploitation requiring user interaction (clicking or accessing the affected page). The injected CSS executes in the victim's browser context, resulting in low-impact confidentiality loss; integrity and availability are not affected. CVSS 3.1 reflects the limited impact and high attack complexity required.

Privilege Escalation SAP
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-40137 MEDIUM This Month

SAP Business Server Pages TAF_APPLAUNCHER contains a cross-site scripting vulnerability that allows unauthenticated attackers to craft malicious links redirecting users to attacker-controlled sites, potentially exposing or altering sensitive information. The vulnerability requires user interaction (clicking the link) and affects confidentiality and integrity with a CVSS score of 6.1. No active exploitation has been publicly confirmed at time of analysis.

XSS SAP
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-40136 MEDIUM This Month

SAP Financial Consolidation permits authenticated attackers to forcibly terminate other users' sessions, temporarily denying them access to the application. The vulnerability has limited impact, affecting only availability through session disconnection while leaving the application itself and all data integrity and confidentiality intact. CVSS score of 4.3 reflects low severity, and no public exploit code or active exploitation has been identified.

Information Disclosure SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40135 MEDIUM This Month

OS command injection in SAP NetWeaver Application Server for ABAP and ABAP Platform allows authenticated administrators to execute arbitrary shell commands on the server while bypassing audit logging. The vulnerability affects integrity and availability but not confidentiality, and requires high-privilege administrative access over the network with no user interaction. CVSS 6.5 reflects the high-privilege requirement despite severe impact potential.

Command Injection SAP
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-40134 MEDIUM This Month

Insufficient authorization checks in SAP Incentive and Commission Management allow authenticated users to invoke remote-enabled function modules and perform unauthorized table update operations, compromising data integrity. The vulnerability requires valid user credentials and network access but has limited scope - no confidentiality or availability impact. CVSS 4.3 (low) reflects the authentication requirement and integrity-only impact; no active exploitation or public POC identified at analysis time.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-40133 MEDIUM This Month

Missing authorization checks in SAP S/4HANA Condition Maintenance allow authenticated attackers to view and modify condition table records they should not have access to, compromising data confidentiality and integrity while potentially denying legitimate users access to those same records. The vulnerability requires valid user credentials but affects all versions of the affected module, with CVSS 6.3 reflecting its multi-faceted impact across three security dimensions.

Authentication Bypass SAP
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-40132 MEDIUM This Month

Missing authorization checks in SAP Strategic Enterprise Management's Scorecard Wizard (Business Server Pages application) allow authenticated users to access restricted information and modify risk evaluation settings without proper authorization. An attacker with valid credentials can view confidential data and alter default configuration values, artificially reducing assessed risk levels to deceive risk assessment processes. No patch availability or active exploitation has been confirmed.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-40131 LOW Monitor

SQL injection in SAP HANA Deployment Infrastructure (HDI) deploy library allows high-privileged users to manipulate dynamically constructed SQL queries, potentially altering SELECT statements and compromising confidentiality and availability. Attack requires local access and high privileges (PR:H), limiting real-world risk despite SQL injection severity. No public exploit code or active exploitation has been identified at the time of analysis.

SQLi SAP
NVD VulDB
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-40129 MEDIUM This Month

Code injection in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform allows authenticated attackers to execute arbitrary code for subscribed channel users by sending specially crafted inputs. The vulnerability has low integrity impact with no confidentiality or availability consequences. CVSS 4.3 (low severity) reflects the requirement for authenticated access, but the ability to affect other users elevates practical risk in multi-tenant environments.

RCE SAP Code Injection
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-34263 CRITICAL NEWS Act Now

Arbitrary server-side code execution in SAP Commerce Cloud via unauthenticated malicious configuration upload and code injection. Attackers can remotely exploit a misconfigured Spring Security framework to upload crafted configuration files and inject code without authentication, requiring only that a user interact with malicious content (CVSS:3.1/AV:N/AC:L/PR:N/UI:R). The vulnerability affects SAP Commerce Cloud Configuration with critical impact across confidentiality, integrity, and availability. No public exploit code or CISA KEV listing identified at time of analysis, though EPSS data unavailable. Patch details available in SAP Security Note 3733064.

RCE Java SAP
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-34260 CRITICAL NEWS Act Now

SQL injection in SAP S/4HANA Enterprise Search for ABAP allows authenticated attackers to extract sensitive database information and crash the application via malicious SQL statements injected through improperly validated user input. The scope change (S:C) indicates potential lateral movement beyond the vulnerable component. SAP has released security patches (SAP Note 3724838) for this critical vulnerability with CVSS 9.6. No active exploitation confirmed at time of analysis, though the authentication bypass tag suggests potential credential bypass implications.

Authentication Bypass SQLi SAP
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-34259 HIGH This Week

OS command injection in SAP Forecasting & Replenishment allows authenticated administrators to execute arbitrary system commands through abuse of a non-remote-enabled function, leading to complete system compromise. The vulnerability enables full read/write access to system data and potential system shutdown, though exploitation is constrained to local attack vectors and requires high-privilege administrative access (CVSS 8.2). No public exploit code or active exploitation confirmed at time of analysis, with vendor patch available via SAP Security Patch Day.

Command Injection SAP
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-27682 MEDIUM This Month

Reflected cross-site scripting (XSS) in SAP NetWeaver Application Server ABAP (Business Server Pages) allows unauthenticated attackers to inject malicious scripts via unprotected URL parameters. Successful exploitation requires victim interaction (clicking a crafted link) and affects confidentiality and integrity of application data. No public exploit code or active exploitation reported at time of analysis.

XSS SAP
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-0502 MEDIUM This Month

Cross-site request forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform allows unauthenticated attackers to trick authenticated users into sending unintended requests to the web server, resulting in low-impact modifications to application integrity and availability. The vulnerability requires user interaction (clicking a malicious link) and affects all versions of the platform due to insufficient CSRF token validation. No confidentiality impact is present, limiting the attack surface to state-changing operations.

CSRF SAP
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-27683 MEDIUM This Month

Reflected cross-site scripting (XSS) in SAP BusinessObjects Business Intelligence allows authenticated attackers to inject malicious JavaScript via crafted URLs that execute in victim browsers, potentially exposing restricted information. The vulnerability requires user interaction (clicking a malicious link) and affects only confidentiality with a CVSS score of 4.1 (low severity). No public exploit code or active exploitation has been identified.

XSS SAP
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2026-27681 CRITICAL Act Now

SQL injection in SAP Business Planning and Consolidation (BPC) and SAP Business Warehouse (BW) allows authenticated users to execute arbitrary SQL commands against the database. Affected versions span SAP_BW 750-758, BPC4HANA 300, and HANABPC 810/816. The scope-change vector (S:C) indicates attackers can pivot beyond the vulnerable component to compromise database resources serving multiple SAP applications. Despite critical CVSS 9.9 severity, EPSS exploitation probability remains low (0.05%, 14th percentile) with CISA SSVC indicating no current exploitation and non-automatable attack profile. SAP security note 3719353 provides remediation guidance.

SQLi SAP
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-27679 MEDIUM This Month

SAP S/4HANA frontend OData Service (Manage Reference Structures) allows authenticated users to update and delete child entities without proper authorization checks, enabling privilege escalation and data integrity violations. The vulnerability requires valid user credentials but no special privileges, affecting systems running vulnerable S/4HANA versions. Attackers can exploit exposed OData endpoints to modify or remove reference structure data that should be protected from their access level.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27678 MEDIUM This Month

SAP S/4HANA backend OData Service for Manage Reference Structures allows authenticated remote attackers to modify and delete child entities without proper authorization checks, compromising data integrity across reference data structures. The vulnerability requires valid user credentials but no elevated privileges, affecting organizations running vulnerable S/4HANA versions. CVSS 6.5 with confirmed patch availability via SAP Security Patch Day.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27677 MEDIUM This Month

SAP S/4HANA OData Service for Manage Reference Equipment lacks authorization checks, allowing authenticated users to modify and delete child entities without proper access controls. The vulnerability affects S/4HANA instances with the vulnerable OData service and requires low-privilege network access, resulting in high integrity impact but no confidentiality or availability risk. No public exploit code or active exploitation has been confirmed.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27676 MEDIUM This Month

SAP S/4HANA OData Service for Manage Technical Object Structures allows authenticated users to update and delete child entities without proper authorization checks, enabling unauthorized data modification. The vulnerability affects S/4HANA deployments exposing the vulnerable OData service and requires valid user credentials but no elevated privileges. CVSS base score is 4.3 (low-to-medium severity) with confirmed patch availability from SAP Security Patch Day.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27675 LOW Monitor

SAP Landscape Transformation allows high-privileged remote attackers to inject arbitrary ABAP code and operating system commands through an RFC-exposed function module, resulting in limited integrity impact where attackers cannot control the scope or extent of modifications. The attack requires high privileges, high complexity, and user interaction, reflected in a CVSS 2.0 score; no public exploit code or active exploitation has been identified.

RCE SAP Code Injection
NVD VulDB
CVSS 3.1
2.0
EPSS
0.0%
CVE-2026-27674 MEDIUM This Month

Cross-site scripting via code injection in SAP NetWeaver Application Server Java Web Dynpro allows unauthenticated remote attackers to inject arbitrary client-side code through crafted input, compromising user sessions and application data integrity when victims interact with the affected functionality. CVSS 6.1 (medium) reflects the requirement for user interaction and limited scope, but exploitation is straightforward with no authentication needed and low attack complexity.

RCE Java SAP Code Injection
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-27673 MEDIUM This Month

SAP S/4HANA (Private Cloud and On-Premise) allows authenticated local network users to delete arbitrary operating system files due to missing authorization checks, degrading system integrity and availability. The vulnerability requires prior authentication and high complexity attack conditions (AC:H), resulting in a CVSS score of 4.9. No evidence of active exploitation or public proof-of-concept code has been identified, but the authorization bypass is confirmed across both deployment models.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-24318 MEDIUM This Month

Insecure session management in SAP Business Objects Business Intelligence Platform allows unauthenticated attackers to obtain and reuse valid session tokens, enabling unauthorized access to victim sessions with moderate complexity. An attacker exploiting this vulnerability could access or modify information within the compromised session's scope, affecting confidentiality and integrity. The attack requires user interaction (UI:R) and high attack complexity (AC:H), limiting real-world exploitation but still warranting prioritized remediation for organizations running affected BI Platform versions.

Authentication Bypass SAP
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-0512 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in SAP Supplier Relationship Management (SRM) SICF Handler allows unauthenticated remote attackers to craft malicious URLs that, when accessed by victims, execute arbitrary JavaScript within their browsers. Successful exploitation enables attackers to steal session credentials, modify procurement data, or perform actions on behalf of authenticated users, affecting confidentiality and integrity of SRM operations. The vulnerability carries a CVSS score of 6.1 with moderate real-world risk due to required user interaction and cross-origin constraints, though no public exploit code or active exploitation has been confirmed at the time of analysis.

XSS SAP
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-34264 MEDIUM This Month

SAP Human Capital Management for SAP S/4HANA allows authenticated users with low privileges to enumerate and guess sensitive information through specific authorization check messages, resulting in information disclosure beyond their authorized scope. The vulnerability affects SAP HCM across affected versions and requires low-privilege authenticated access to exploit, with a CVSS score of 6.5 reflecting high confidentiality impact but no integrity or availability compromise.

Information Disclosure SAP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34262 MEDIUM This Month

SAP HANA Cockpit and HANA Database Explorer leak sensitive information to authenticated network users due to improper credential storage mechanisms (CWE-522). An authenticated attacker with network access can retrieve confidential data without requiring elevated privileges or user interaction. This vulnerability affects all versions of SAP HANA Cockpit and HANA Database Explorer; patch availability and active exploitation status are not confirmed from available data.

Information Disclosure SAP
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-34261 MEDIUM This Month

Missing authorization checks in SAP Business Analytics and SAP Content Management allow authenticated users to invoke unauthorized remote function module calls, enabling confidential data access beyond their assigned permissions. The vulnerability affects all versions of the product and carries a CVSS score of 6.5 with confirmed high confidentiality impact. No public exploit code or active exploitation has been reported at time of analysis.

Authentication Bypass SAP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-34257 MEDIUM This Month

Open redirect in SAP NetWeaver Application Server ABAP allows unauthenticated attackers to craft malicious URLs that redirect victims to attacker-controlled pages, potentially enabling phishing or credential theft attacks. The vulnerability affects all versions of SAP NetWeaver Application Server ABAP and requires user interaction (URL click). CVSS score of 6.1 reflects moderate risk with low confidentiality and integrity impact but no availability impact. No public exploit code or active exploitation has been reported at time of analysis.

Open Redirect SAP
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34256 HIGH This Week

Authenticated remote attackers can overwrite eight-character executable ABAP reports in SAP ERP and SAP S/4HANA systems due to missing authorization checks, enabling denial-of-service conditions when legitimate users execute corrupted reports. This authorization bypass (CWE-862) requires low-privilege authenticated access (CVSS PR:L) and has low attack complexity, combining limited integrity impact with high availability impact (CVSS 7.1). EPSS data not provided; no public exploit identified at time of analysis. Affects SAP ERP and SAP S/4HANA Private Cloud and On-Premise deployments.

Authentication Bypass SAP
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-27688 MEDIUM This Month

Unauthorized access to Database Analyzer Log Files in SAP NetWeaver Application Server for ABAP allows authenticated users to read sensitive database logs through an unprotected RFC function module. An attacker with standard user privileges and access to execute the affected module can bypass authorization checks to disclose confidential information, though system integrity and availability remain unaffected. No patch is currently available to remediate this authorization bypass vulnerability.

SAP
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-27687 MEDIUM This Month

Insufficient authorization validation in SAP S/4HANA and ERP HCM Portugal modules allows high-privileged users to view confidential data from other companies. An authenticated attacker with elevated permissions could exploit this cross-tenant data exposure to access sensitive information without proper access controls. No patch is currently available for this medium-severity vulnerability.

SAP
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-27686 MEDIUM This Month

SAP Business Warehouse Service API lacks proper authorization controls on RFC function modules, allowing authenticated attackers to modify configurations and disrupt request processing. An attacker with valid credentials could exploit this vulnerability to cause denial of service and alter system integrity without detection. No patch is currently available for this medium-severity vulnerability.

Denial Of Service SAP
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-27685 CRITICAL Act Now

SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files.

Deserialization SAP
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27684 MEDIUM This Month

SQL injection in SAP NetWeaver Feedback Notifications Service enables authenticated attackers to execute arbitrary database queries by exploiting insufficient input validation. An attacker can manipulate SQL WHERE clauses to access or exfiltrate sensitive database information, with limited impact on system confidentiality and availability. No patch is currently available for this vulnerability.

SQLi SAP
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-24317 MEDIUM This Month

SAP GUI for Windows improperly loads DLL files from user-accessible directories, enabling arbitrary code execution when GuiXT is enabled. An attacker can exploit this by tricking a user into downloading a malicious DLL to a predictable location, resulting in code execution with the victim's privileges. No patch is currently available for this medium-severity vulnerability.

Windows SAP
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-24316 MEDIUM This Month

SAP NetWeaver Application Server for ABAP contains a server-side request forgery vulnerability in a built-in ABAP testing report that allows authenticated attackers to send HTTP requests to arbitrary internal or external endpoints. Successful exploitation could enable reconnaissance of sensitive internal systems and potential data exfiltration, though availability is not impacted. Currently, no patch is available for this vulnerability.

SSRF SAP
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-24313 MEDIUM This Month

SAP Solution Tools Plug-In (ST-PI) exposes system information to authenticated users due to missing authorization validation in a function module. An attacker with valid credentials can bypass access controls to retrieve sensitive information about the SAP system without requiring user interaction.

SAP
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-24311 MEDIUM This Month

SAP Customer Checkout stores operational data with weak encryption that can be accessed and modified by authenticated users with high privileges through local interaction, potentially compromising confidentiality and integrity of application behavior. This vulnerability requires physical access and user interaction but carries no availability impact, affecting SAP industrial deployment environments where no patch is currently available.

Industrial SAP
NVD VulDB
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-24310 LOW Monitor

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute a specific ABAP function module and read sensitive information from the database catalog of the ABAP system. [CVSS 3.5 LOW]

SAP
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-24309 MEDIUM This Month

Missing authorization controls in SAP NetWeaver Application Server for ABAP allow authenticated attackers to invoke specific function modules that manipulate the database configuration table, potentially degrading system performance or causing service interruptions. This authorization bypass affects both system integrity and availability, though it requires valid credentials and no patch is currently available.

SAP
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-0489 MEDIUM This Month

DOM-based XSS in SAP Business One Job Service allows unauthenticated attackers to inject malicious code through unvalidated URL query parameters, compromising user sessions when victims interact with crafted links. Successful exploitation could leak sensitive data or modify application content, though availability is not affected. No patch is currently available.

XSS SAP
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-24314 MEDIUM This Month

SAP S/4HANA's Manage Payment Media component contains an information disclosure vulnerability that allows authenticated users to access restricted data through certain application conditions. The vulnerability has low confidentiality impact and requires valid credentials to exploit, with no publicly available patch currently available.

SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24328 MEDIUM This Month

Business Server Pages versions up to 740 are affected by URL redirection to an untrusted site (open redirect) (CVSS 6.1).

SAP Business Server Pages
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-24327 MEDIUM This Month

Insufficient authorization validation in SAP Strategic Enterprise Management's Balanced Scorecard component allows authenticated users to view restricted information they should not have access to. This authenticated-only vulnerability has low confidentiality impact and requires no user interaction, affecting organizations running affected SAP SEM instances. Currently no patch is available to remediate this authorization bypass.

SAP Strategic Enterprise Management
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24326 MEDIUM This Month

Unauthorized database modifications in SAP S/4HANA Defense & Security occur due to missing authorization checks in Disconnected Operations, allowing authenticated users to invoke remote-enabled function modules and directly alter standard SAP database tables. The vulnerability has limited impact, affecting only data integrity without compromising confidentiality or system availability. No patch is currently available.

SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24325 MEDIUM This Month

Stored XSS in SAP BusinessObjects Enterprise results from insufficient input encoding, allowing high-privileged administrators to inject malicious JavaScript that executes in other users' browsers. This vulnerability affects confidentiality and integrity with medium severity, though no patch is currently available. Exploitation requires administrative access and user interaction to trigger the malicious payload.

XSS SAP Businessobjects Enterprise
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-24324 MEDIUM This Month

BusinessObjects Business Intelligence Platform versions up to 430 contain a security vulnerability (CVSS 6.5).

Denial Of Service SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24322 HIGH This Week

Authenticated users in SAP Solution Tools Plug-In (ST-PI) can access sensitive information through a function module that lacks proper authorization controls, allowing disclosure of confidential data without requiring additional privileges. The vulnerability affects all users with basic authentication to the affected SAP systems, as the missing checks permit lateral data exposure across the application.

SAP Solution Tools Plug In
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-24321 MEDIUM This Month

SAP Commerce Cloud contains unauthenticated API endpoints that expose sensitive information not intended for public access, enabling remote attackers to retrieve confidential data without authentication. The vulnerability has limited impact on confidentiality with no effect on system integrity or availability. No patch is currently available for affected Commerce Cloud deployments.

SAP Commerce Cloud
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24320 LOW Monitor

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters that are improperly converted. [CVSS 3.1 LOW]

Memory Corruption SAP
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-24319 MEDIUM This Month

SAP Business One stores sensitive data unencrypted in memory dump files, allowing high-privileged local users with user interaction to extract credentials and other confidential information. An attacker with access to these dumps could leverage the exposed data to perform unauthorized operations and modify company data within the B1 environment. No patch is currently available for this medium-severity vulnerability.

SAP Business One
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-24312 MEDIUM This Month

SAP Business Workflow contains an authorization bypass that allows authenticated administrators to escalate privileges by misusing permissions from lower-sensitivity functions to perform unauthorized high-privilege operations. An attacker with admin credentials can exploit this flaw to compromise data integrity, though confidentiality and availability impacts are limited. No patch is currently available for this vulnerability.

Privilege Escalation SAP Sap Basis
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-23688 MEDIUM This Month

Insufficient authorization checks in SAP Fiori App Manage Service Entry Sheets allow authenticated users to escalate privileges and modify data they should not have access to. The vulnerability affects SAP S/4HANA Core installations and requires user authentication to exploit, limiting the immediate risk but potentially enabling insider threats or account compromise scenarios.

Privilege Escalation SAP S4core
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23687 HIGH This Week

SAP Basis versions up to 700 are affected by improper verification of a cryptographic signature (CVSS 8.8).

SAP Sap Basis
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-23686 LOW Monitor

NetWeaver Application Server Java versions up to 7.50 are affected by HTTP response splitting (CVSS 3.4).

SAP
NVD
CVSS 3.1
3.4
EPSS
0.0%
CVE-2026-23685 MEDIUM This Month

Denial of service in SAP NetWeaver's JMS service stems from unsafe deserialization of malicious objects, allowing authenticated administrators with local access to crash the application. The vulnerability requires high privileges and local access but carries no risk to confidentiality or integrity. No patch is currently available.

Denial Of Service Deserialization SAP Netweaver
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2026-23684 MEDIUM This Month

Commerce Cloud versions up to 2205 contains a vulnerability that allows attackers to a cart entry being created with erroneous product value which could be checked o (CVSS 5.9).

Race Condition SAP Commerce Cloud
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-23681 MEDIUM This Month

Authenticated users of SAP Solution Tools Plug-In can bypass authorization checks to invoke function modules and extract sensitive system configuration details without proper access controls. This information disclosure could enable attackers to gather intelligence for planning targeted follow-up attacks, though the vulnerability carries low confidentiality impact with no effect on system integrity or availability. Currently no patch is available.

SAP Solution Tools Plug In
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0509 CRITICAL Act Now

Unauthorized Remote Function Call execution in SAP NetWeaver ABAP. Low-privileged users can execute background RFCs without proper authorization checks. CVSS 9.6.

SAP Netweaver As Abap Kernel Netweaver As Abap Krnl64nuc Netweaver As Abap Krnl64uc
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-0508 HIGH This Week

BusinessObjects Business Intelligence Platform versions up to 430 are affected by URL redirection to an untrusted site (open redirect) (CVSS 7.3).

SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-0490 HIGH This Week

BusinessObjects Business Intelligence Platform versions up to 430 are affected by missing authorization (CVSS 7.5).

SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0488 CRITICAL Act Now

Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. Authenticated attacker exploits generic function module call to execute unauthorized ABAP code. CVSS 9.9.

SAP Netweaver Application Server Abap Webclient Ui Framework
NVD
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-0486 MEDIUM This Month

SAP Solution Tools Plug In fails to enforce authorization checks in remote-enabled ABAP function modules, allowing authenticated users to access and disclose sensitive system information. An attacker with valid credentials can query protected data without proper access controls, though system integrity and availability remain unaffected. No patch is currently available for this medium-severity vulnerability.

SAP Solution Tools Plug In
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-0485 HIGH This Week

BusinessObjects Business Intelligence Platform versions up to 430 contain a security vulnerability (CVSS 7.5).

Denial Of Service SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0484 MEDIUM This Month

SAP Basis versions up to 700 are affected by URL redirection to an untrusted site (open redirect) (CVSS 6.5).

SAP Sap Basis
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23683 MEDIUM This Month

Insufficient authorization checks in SAP Fiori App Intercompany Balance Reconciliation allow authenticated users to access data beyond their intended permissions, resulting in privilege escalation with limited confidentiality impact. An attacker with valid credentials can exploit this flaw to view sensitive financial reconciliation information they should not have access to. No patch is currently available.

Privilege Escalation SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0514 MEDIUM This Month

Reflected XSS in SAP Business Connector enables unauthenticated attackers to craft malicious links that redirect users to attacker-controlled sites, potentially compromising webclient confidentiality and integrity when victims click the link. The vulnerability requires user interaction and has no available patch, making client-side awareness critical for mitigation.

XSS SAP Business Connector
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-0513 MEDIUM PATCH This Month

Supplier Relationship Management versions up to 700 are affected by URL redirection to an untrusted site (open redirect) (CVSS 4.7).

Open Redirect SAP Supplier Relationship Management
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2026-0511 HIGH This Week

SAP Fiori App Intercompany Balance Reconciliation fails to enforce proper authorization controls, allowing authenticated users to escalate privileges and access or modify sensitive data they should not have permission to view. An attacker with valid credentials can exploit missing access checks to compromise the confidentiality and integrity of financial reconciliation data. No patch is currently available for this vulnerability.

Privilege Escalation SAP
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0507 HIGH This Week

SAP Application Server for ABAP and NetWeaver RFCSDK contain an OS command injection vulnerability that allows authenticated administrators with adjacent network access to execute arbitrary system commands by uploading malicious content. Successful exploitation results in complete system compromise affecting confidentiality, integrity, and availability. No patch is currently available.

Command Injection SAP
NVD
CVSS 3.1
8.4
EPSS
1.4%
CVE-2026-0504 LOW Monitor

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. [CVSS 3.8 LOW]

SAP
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2026-0503 MEDIUM This Month

Missing authorization controls in SAP ECC and SAP S/4HANA EHS Management allow authenticated attackers to extract hardcoded credentials and bypass password authentication through parameter manipulation. Successful exploitation enables attackers to access, modify, or delete change pointer data within EHS objects, potentially compromising downstream systems with low impact to confidentiality and integrity. No patch is currently available.

SAP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-0501 CRITICAL Act Now

SAP S/4HANA General Ledger (Private Cloud and On-Premise) has SQL injection allowing authenticated users to read, modify, and delete backend database data with scope change (CVSS 9.9). Financial data is directly at risk.

SAP
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-0500 CRITICAL PATCH Act Now

SAP Wily Introscope Enterprise Manager uses a vulnerable third-party component that allows unauthenticated attackers to create malicious JNLP files at public URLs. Victims who click these URLs execute OS commands on their machines. Scope change. Patch available.

Java Command Injection SAP Introscope Enterprise Manager
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-0499 MEDIUM This Month

Reflected cross-site scripting in SAP NetWeaver Enterprise Portal enables unauthenticated attackers to inject malicious scripts via URL parameters that execute in users' browsers. Successful exploitation can lead to session hijacking, portal content manipulation, and unauthorized user redirection, affecting confidentiality and integrity with no patch currently available.

SAP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-0498 CRITICAL PATCH Act Now

SAP S/4HANA (Private Cloud and On-Premise) has the same backdoor vulnerability as CVE-2026-0491 – admin-exploitable ABAP/OS command injection via RFC function module. Patch available.

Command Injection SAP
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-0497 MEDIUM This Month

SAP Product Designer Web UI in Business Server Pages permits authenticated users without administrative privileges to view non-sensitive information they should not access. This authorization bypass affects confidentiality but carries no risk to system integrity or availability. No patch is currently available to remediate this exposure.

SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0496 MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation contains an unrestricted file upload vulnerability that permits high-privileged attackers to upload malicious files, including scripts, due to insufficient file format validation. While the direct impact on confidentiality, integrity, and availability is limited, this flaw could enable attackers with administrative access to compromise application functionality or escalate their capabilities. No patch is currently available for this vulnerability.

SAP
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-0495 MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation contains an email redirection flaw that allows high-privileged attackers to redirect uploaded files to arbitrary email addresses, facilitating targeted phishing attacks. The vulnerability requires high privileges and user interaction, resulting in limited confidentiality, integrity, and availability impact. No patch is currently available for this medium-severity issue.

SAP
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2026-0494 MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation contains an information disclosure vulnerability that allows authenticated attackers to access restricted data under specific conditions. The vulnerability requires valid user credentials and network access but does not impact system integrity or availability. No patch is currently available.

SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0493 MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation is affected by cross-site request forgery (CSRF) (CVSS 4.3).

CSRF Industrial SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-0492 HIGH PATCH This Week

HANA Database versions up to 2.00 are affected by missing authentication for a critical function (CVSS 8.8).

Privilege Escalation SAP Hana Database
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0491 CRITICAL Act Now

SAP Landscape Transformation has an admin-exploitable backdoor via RFC function module that allows injection of arbitrary ABAP code and OS commands, bypassing authorization checks. Scope change enables full SAP system compromise.

Command Injection SAP
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-10703 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

RCE Apache Java Docker PostgreSQL +5
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-10702 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

RCE Apache Docker PostgreSQL Google +4
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-42940 HIGH This Month

SAP CommonCryptoLib does not perform the necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data received over the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption SAP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-42924 MEDIUM This Month

SAP E-Recruiting BSP in the SAP S/4HANA landscape allows an unauthenticated attacker to craft malicious links; when such a link is clicked, the victim could be redirected to a page controlled by the attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Open Redirect SAP
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-42919 MEDIUM This Month

Due to an information disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Path Traversal SAP
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-42899 MEDIUM Monitor

SAP S4CORE (Manage journal entries) does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.

Authentication Bypass SAP
NVD
CVSS 3.1
4.3
EPSS
0.0%
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient authorization checks in SAP Incentive and Commission Management allow authenticated users to invoke remote-enabled function modules and perform unauthorized table update operations, compromising data integrity. The vulnerability requires valid user credentials and network access but has limited scope - no confidentiality or availability impact. CVSS 4.3 (low) reflects the authentication requirement and integrity-only impact; no active exploitation or public POC identified at analysis time.

Authentication Bypass SAP
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Missing authorization checks in SAP S/4HANA Condition Maintenance allow authenticated attackers to view and modify condition table records they should not have access to, compromising data confidentiality and integrity while potentially denying legitimate users access to those same records. The vulnerability requires valid user credentials but affects all versions of the affected module, with CVSS 6.3 reflecting its multi-faceted impact across three security dimensions.

Authentication Bypass SAP
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Missing authorization checks in SAP Strategic Enterprise Management's Scorecard Wizard (Business Server Pages application) allow authenticated users to access restricted information and modify risk evaluation settings without proper authorization. An attacker with valid credentials can view confidential data and alter default configuration values, artificially reducing assessed risk levels to deceive risk assessment processes. No patch availability or active exploitation has been confirmed.

Authentication Bypass SAP
NVD VulDB
EPSS 0% CVSS 3.4
LOW Monitor

SQL injection in SAP HANA Deployment Infrastructure (HDI) deploy library allows high-privileged users to manipulate dynamically constructed SQL queries, potentially altering SELECT statements and compromising confidentiality and availability. Attack requires local access and high privileges (PR:H), limiting real-world risk despite SQL injection severity. No public exploit code or active exploitation has been identified at the time of analysis.

SQLi SAP
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Code injection in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform allows authenticated attackers to execute arbitrary code for subscribed channel users by sending specially crafted inputs. The vulnerability has low integrity impact with no confidentiality or availability consequences. CVSS 4.3 (low severity) reflects the requirement for authenticated access, but the ability to affect other users elevates practical risk in multi-tenant environments.

RCE SAP Code Injection
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

Arbitrary server-side code execution in SAP Commerce Cloud via unauthenticated malicious configuration upload and code injection. Attackers can remotely exploit a misconfigured Spring Security framework to upload crafted configuration files and inject code without authentication, requiring only that a user interact with malicious content (CVSS:3.1/AV:N/AC:L/PR:N/UI:R). The vulnerability affects SAP Commerce Cloud Configuration with critical impact across confidentiality, integrity, and availability. No public exploit code or CISA KEV listing identified at time of analysis, though EPSS data unavailable. Patch details available in SAP Security Note 3733064.

RCE Java SAP
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

SQL injection in SAP S/4HANA Enterprise Search for ABAP allows authenticated attackers to extract sensitive database information and crash the application via malicious SQL statements injected through improperly validated user input. The scope change (S:C) indicates potential lateral movement beyond the vulnerable component. SAP has released security patches (SAP Note 3724838) for this critical vulnerability with CVSS 9.6. No active exploitation confirmed at time of analysis, though the authentication bypass tag suggests potential credential bypass implications.

Authentication Bypass SQLi SAP
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

OS command injection in SAP Forecasting & Replenishment allows authenticated administrators to execute arbitrary system commands through abuse of a non-remote-enabled function, leading to complete system compromise. The vulnerability enables full read/write access to system data and potential system shutdown, though exploitation is constrained to local attack vectors and requires high-privilege administrative access (CVSS 8.2). No public exploit code or active exploitation confirmed at time of analysis, with vendor patch available via SAP Security Patch Day.

Command Injection SAP
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

Reflected cross-site scripting (XSS) in SAP NetWeaver Application Server ABAP (Business Server Pages) allows unauthenticated attackers to inject malicious scripts via unprotected URL parameters. Successful exploitation requires victim interaction (clicking a crafted link) and affects confidentiality and integrity of application data. No public exploit code or active exploitation reported at time of analysis.

XSS SAP
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site request forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform allows unauthenticated attackers to trick authenticated users into sending unintended requests to the web server, resulting in low-impact modifications to application integrity and availability. The vulnerability requires user interaction (clicking a malicious link) and affects all versions of the platform due to insufficient CSRF token validation. No confidentiality impact is present, limiting the attack surface to state-changing operations.

CSRF SAP
NVD VulDB
EPSS 0% CVSS 4.1
MEDIUM This Month

Reflected cross-site scripting (XSS) in SAP BusinessObjects Business Intelligence allows authenticated attackers to inject malicious JavaScript via crafted URLs that execute in victim browsers, potentially exposing restricted information. The vulnerability requires user interaction (clicking a malicious link) and affects only confidentiality with a CVSS score of 4.1 (low severity). No public exploit code or active exploitation has been identified.

XSS SAP
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

SQL injection in SAP Business Planning and Consolidation (BPC) and SAP Business Warehouse (BW) allows authenticated users to execute arbitrary SQL commands against the database. Affected versions span SAP_BW 750-758, BPC4HANA 300, and HANABPC 810/816. The scope-change vector (S:C) indicates attackers can pivot beyond the vulnerable component to compromise database resources serving multiple SAP applications. Despite critical CVSS 9.9 severity, EPSS exploitation probability remains low (0.05%, 14th percentile) with CISA SSVC indicating no current exploitation and non-automatable attack profile. SAP security note 3719353 provides remediation guidance.

SQLi SAP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP S/4HANA frontend OData Service (Manage Reference Structures) allows authenticated users to update and delete child entities without proper authorization checks, enabling privilege escalation and data integrity violations. The vulnerability requires valid user credentials but no special privileges, affecting systems running vulnerable S/4HANA versions. Attackers can exploit exposed OData endpoints to modify or remove reference structure data that should be protected from their access level.

Authentication Bypass SAP
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP S/4HANA backend OData Service for Manage Reference Structures allows authenticated remote attackers to modify and delete child entities without proper authorization checks, compromising data integrity across reference data structures. The vulnerability requires valid user credentials but no elevated privileges, affecting organizations running vulnerable S/4HANA versions. CVSS 6.5 with confirmed patch availability via SAP Security Patch Day.

Authentication Bypass SAP
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP S/4HANA OData Service for Manage Reference Equipment lacks authorization checks, allowing authenticated users to modify and delete child entities without proper access controls. The vulnerability affects S/4HANA instances with the vulnerable OData service and requires low-privilege network access, resulting in high integrity impact but no confidentiality or availability risk. No public exploit code or active exploitation has been confirmed.

Authentication Bypass SAP
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP S/4HANA OData Service for Manage Technical Object Structures allows authenticated users to update and delete child entities without proper authorization checks, enabling unauthorized data modification. The vulnerability affects S/4HANA deployments exposing the vulnerable OData service and requires valid user credentials but no elevated privileges. CVSS base score is 4.3 (low-to-medium severity) with confirmed patch availability from SAP Security Patch Day.

Authentication Bypass SAP
NVD VulDB
EPSS 0% CVSS 2.0
LOW Monitor

SAP Landscape Transformation allows high-privileged remote attackers to inject arbitrary ABAP code and operating system commands through an RFC-exposed function module, resulting in limited integrity impact where attackers cannot control the scope or extent of modifications. The attack requires high privileges, high complexity, and user interaction, reflected in a CVSS 2.0 score; no public exploit code or active exploitation has been identified.

RCE SAP Code Injection
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting via code injection in SAP NetWeaver Application Server Java Web Dynpro allows unauthenticated remote attackers to inject arbitrary client-side code through crafted input, compromising user sessions and application data integrity when victims interact with the affected functionality. CVSS 6.1 (medium) reflects the requirement for user interaction and limited scope, but exploitation is straightforward with no authentication needed and low attack complexity.

RCE Java SAP +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

SAP S/4HANA (Private Cloud and On-Premise) allows authenticated local network users to delete arbitrary operating system files due to missing authorization checks, degrading system integrity and availability. The vulnerability requires prior authentication and high complexity attack conditions (AC:H), resulting in a CVSS score of 4.9. No evidence of active exploitation or public proof-of-concept code has been identified, but the authorization bypass is confirmed across both deployment models.

Authentication Bypass SAP
NVD VulDB
EPSS 0% CVSS 4.2
MEDIUM This Month

Insecure session management in SAP Business Objects Business Intelligence Platform allows unauthenticated attackers to obtain and reuse valid session tokens, enabling unauthorized access to victim sessions with moderate complexity. An attacker exploiting this vulnerability could access or modify information within the compromised session's scope, affecting confidentiality and integrity. The attack requires user interaction (UI:R) and high attack complexity (AC:H), limiting real-world exploitation but still warranting prioritized remediation for organizations running affected BI Platform versions.

Authentication Bypass SAP
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting (XSS) in SAP Supplier Relationship Management (SRM) SICF Handler allows unauthenticated remote attackers to craft malicious URLs that, when accessed by victims, execute arbitrary JavaScript within their browsers. Successful exploitation enables attackers to steal session credentials, modify procurement data, or perform actions on behalf of authenticated users, affecting confidentiality and integrity of SRM operations. The vulnerability carries a CVSS score of 6.1 with moderate real-world risk due to required user interaction and cross-origin constraints, though no public exploit code or active exploitation has been confirmed at the time of analysis.

XSS SAP
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SAP Human Capital Management for SAP S/4HANA allows authenticated users with low privileges to enumerate and guess sensitive information through specific authorization check messages, resulting in information disclosure beyond their authorized scope. The vulnerability affects SAP HCM across affected versions and requires low-privilege authenticated access to exploit, with a CVSS score of 6.5 reflecting high confidentiality impact but no integrity or availability compromise.

Information Disclosure SAP
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP HANA Cockpit and HANA Database Explorer leak sensitive information to authenticated network users due to improper credential storage mechanisms (CWE-522). An authenticated attacker with network access can retrieve confidential data without requiring elevated privileges or user interaction. This vulnerability affects all versions of SAP HANA Cockpit and HANA Database Explorer; patch availability and active exploitation status are not confirmed from available data.

Information Disclosure SAP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing authorization checks in SAP Business Analytics and SAP Content Management allow authenticated users to invoke unauthorized remote function module calls, enabling confidential data access beyond their assigned permissions. The vulnerability affects all versions of the product and carries a CVSS score of 6.5 with confirmed high confidentiality impact. No public exploit code or active exploitation has been reported at time of analysis.

Authentication Bypass SAP
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Open redirect in SAP NetWeaver Application Server ABAP allows unauthenticated attackers to craft malicious URLs that redirect victims to attacker-controlled pages, potentially enabling phishing or credential theft attacks. The vulnerability affects all versions of SAP NetWeaver Application Server ABAP and requires user interaction (URL click). CVSS score of 6.1 reflects moderate risk with low confidentiality and integrity impact but no availability impact. No public exploit code or active exploitation has been reported at time of analysis.

Open Redirect SAP
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Authenticated remote attackers can overwrite eight-character executable ABAP reports in SAP ERP and SAP S/4HANA systems due to missing authorization checks, enabling denial-of-service conditions when legitimate users execute corrupted reports. This authorization bypass (CWE-862) requires low-privilege authenticated access (CVSS PR:L) and has low attack complexity, combining limited integrity impact with high availability impact (CVSS 7.1). EPSS data not provided; no public exploit identified at time of analysis. Affects SAP ERP and SAP S/4HANA Private Cloud and On-Premise deployments.

Authentication Bypass SAP
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unauthorized access to Database Analyzer Log Files in SAP NetWeaver Application Server for ABAP allows authenticated users to read sensitive database logs through an unprotected RFC function module. An attacker with standard user privileges and access to execute the affected module can bypass authorization checks to disclose confidential information, though system integrity and availability remain unaffected. No patch is currently available to remediate this authorization bypass vulnerability.

SAP
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Insufficient authorization validation in SAP S/4HANA and ERP HCM Portugal modules allows high-privileged users to view confidential data from other companies. An authenticated attacker with elevated permissions could exploit this cross-tenant data exposure to access sensitive information without proper access controls. No patch is currently available for this medium-severity vulnerability.

SAP
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

SAP Business Warehouse Service API lacks proper authorization controls on RFC function modules, allowing authenticated attackers to modify configurations and disrupt request processing. An attacker with valid credentials could exploit this vulnerability to cause denial of service and alter system integrity without detection. No patch is currently available for this medium-severity vulnerability.

Denial Of Service SAP
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

SAP NetWeaver Enterprise Portal Administration has an insecure deserialization vulnerability allowing privileged users to execute code through uploaded files.

Deserialization SAP
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

SQL injection in SAP NetWeaver Feedback Notifications Service enables authenticated attackers to execute arbitrary database queries by exploiting insufficient input validation. An attacker can manipulate SQL WHERE clauses to access or exfiltrate sensitive database information, with limited impact on system confidentiality and availability. No patch is currently available for this vulnerability.

SQLi SAP
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP GUI for Windows improperly loads DLL files from user-accessible directories, enabling arbitrary code execution when GuiXT is enabled. An attacker can exploit this by tricking a user into downloading a malicious DLL to a predictable location, resulting in code execution with the victim's privileges. No patch is currently available for this medium-severity vulnerability.

Windows SAP
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

SAP NetWeaver Application Server for ABAP contains a server-side request forgery vulnerability in a built-in ABAP testing report that allows authenticated attackers to send HTTP requests to arbitrary internal or external endpoints. Successful exploitation could enable reconnaissance of sensitive internal systems and potential data exfiltration, though availability is not impacted. Currently, no patch is available for this vulnerability.

SSRF SAP
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Solution Tools Plug-In (ST-PI) exposes system information to authenticated users due to missing authorization validation in a function module. An attacker with valid credentials can bypass access controls to retrieve sensitive information about the SAP system without requiring user interaction.

SAP
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM This Month

SAP Customer Checkout stores operational data with weak encryption that can be accessed and modified by authenticated users with high privileges through local interaction, potentially compromising confidentiality and integrity of application behavior. This vulnerability requires physical access and user interaction but carries no availability impact, affecting SAP industrial deployment environments where no patch is currently available.

Industrial SAP
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute a specific ABAP function module and read sensitive information from the database catalog of the ABAP system. [CVSS 3.5 LOW]

SAP
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

Missing authorization controls in SAP NetWeaver Application Server for ABAP allow authenticated attackers to invoke specific function modules that manipulate the database configuration table, potentially degrading system performance or causing service interruptions. This authorization bypass affects both system integrity and availability, though it requires valid credentials and no patch is currently available.

SAP
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

DOM-based XSS in SAP Business One Job Service allows unauthenticated attackers to inject malicious code through unvalidated URL query parameters, compromising user sessions when victims interact with crafted links. Successful exploitation could leak sensitive data or modify application content, though availability is not affected. No patch is currently available.

XSS SAP
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP S/4HANA's Manage Payment Media component contains an information disclosure vulnerability that allows authenticated users to access restricted data through certain application conditions. The vulnerability has low confidentiality impact and requires valid credentials to exploit, with no publicly available patch currently available.

SAP
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Business Server Pages versions up to 740 are affected by URL redirection to an untrusted site (open redirect) (CVSS 6.1).

SAP Business Server Pages
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient authorization validation in SAP Strategic Enterprise Management's Balanced Scorecard component allows authenticated users to view restricted information they should not have access to. This authenticated-only vulnerability has low confidentiality impact and requires no user interaction, affecting organizations running affected SAP SEM instances. Currently no patch is available to remediate this authorization bypass.

SAP Strategic Enterprise Management
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Unauthorized database modifications in SAP S/4HANA Defense & Security occur due to missing authorization checks in Disconnected Operations, allowing authenticated users to invoke remote-enabled function modules and directly alter standard SAP database tables. The vulnerability has limited impact, affecting only data integrity without compromising confidentiality or system availability. No patch is currently available.

SAP
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored XSS in SAP BusinessObjects Enterprise results from insufficient input encoding, allowing high-privileged administrators to inject malicious JavaScript that executes in other users' browsers. This vulnerability affects confidentiality and integrity with medium severity, though no patch is currently available. Exploitation requires administrative access and user interaction to trigger the malicious payload.

XSS SAP Businessobjects Enterprise
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Businessobjects Business Intelligence Platform versions up to 430 contain a denial-of-service vulnerability (CVSS 6.5).

Denial Of Service SAP Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Authenticated users of SAP Solution Tools Plug-In (ST-PI) can read sensitive information through a function module that lacks proper authorization controls. Because the missing check is the only barrier, any user with basic authentication to an affected system can disclose the confidential data without needing additional privileges.

SAP Solution Tools Plug In
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

SAP Commerce Cloud contains unauthenticated API endpoints that expose sensitive information not intended for public access, enabling remote attackers to retrieve confidential data without authentication. The vulnerability has limited impact on confidentiality with no effect on system integrity or availability. No patch is currently available for affected Commerce Cloud deployments.

SAP Commerce Cloud
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. [CVSS 3.1 LOW]

Memory Corruption SAP
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

SAP Business One stores sensitive data unencrypted in memory dump files, allowing high-privileged local users with user interaction to extract credentials and other confidential information. An attacker with access to these dumps could leverage the exposed data to perform unauthorized operations and modify company data within the B1 environment. No patch is currently available for this medium-severity vulnerability.

SAP Business One
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

SAP Business Workflow contains an authorization bypass that allows authenticated administrators to escalate privileges by misusing permissions from lower-sensitivity functions to perform unauthorized high-privilege operations. An attacker with admin credentials can exploit this flaw to compromise data integrity, though confidentiality and availability impacts are limited. No patch is currently available for this vulnerability.

Privilege Escalation SAP Sap Basis
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient authorization checks in SAP Fiori App Manage Service Entry Sheets allow authenticated users to escalate privileges and modify data they should not have access to. The vulnerability affects SAP S/4HANA Core installations and requires user authentication to exploit, limiting the immediate risk but potentially enabling insider threats or account compromise scenarios.

Privilege Escalation SAP S4core
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Sap Basis versions up to 700 are affected by improper verification of a cryptographic signature (CVSS 8.8).

SAP Sap Basis
NVD
EPSS 0% CVSS 3.4
LOW Monitor

Netweaver Application Server Java versions up to 7.50 are affected by HTTP response splitting (CVSS 3.4).

SAP
NVD
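HTTP response splitting, the class named in the entry above, works when a CR/LF pair from user input is copied into a response header: the client (or a caching proxy in front of it) reads the rest of the injected text as a second, attacker-authored response. The following is an added example, not SAP code and not taken from the advisory: a deliberately vulnerable redirect builder, a hardened one that rejects control characters in the header value, and a minimal response-stream reader that shows how the injected bytes are interpreted. All strings are constructed for the demonstration.

```python
import re

# Any control character in a header value is a problem; CR and LF are the ones
# that split the response, but bare CR or LF is enough for some parsers.
_ILLEGAL = re.compile(r"[\x00-\x1f\x7f]")

# Constructed payload: closes the 302 early (Content-Length: 0 + blank line) and
# appends a complete second response carrying attacker-chosen HTML.
INJECTED_LOCATION = (
    "/home\r\nContent-Length: 0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 23\r\n\r\n"
    "<script>evil()</script>"
)


def build_redirect_unsafe(location: str) -> bytes:
    """Vulnerable: the user-controlled value is pasted straight into a header line."""
    return (
        f"HTTP/1.1 302 Found\r\nLocation: {location}\r\nContent-Length: 0\r\n\r\n"
    ).encode("latin-1")


def build_redirect_safe(location: str) -> bytes:
    """Hardened: refuse any header value containing control characters."""
    if _ILLEGAL.search(location):
        raise ValueError("control characters are not allowed in a header value")
    return build_redirect_unsafe(location)


def parse_responses(raw: bytes) -> list[dict]:
    """Minimal HTTP/1.1 response-stream reader (status line, headers, Content-Length body).

    It models a client or proxy that keeps reading messages from one connection,
    which is exactly the consumer that turns one split response into two."""
    responses = []
    pos = 0
    while pos < len(raw):
        while raw.startswith(b"\r\n", pos):
            pos += 2  # tolerate stray CRLF between messages, as real parsers do
        end = raw.find(b"\r\n\r\n", pos)
        if end < 0:
            break
        lines = raw[pos:end].decode("latin-1").split("\r\n")
        if not lines[0].startswith("HTTP/"):
            break  # not a status line: leftover junk, stop here
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        body = raw[body_start:body_start + length]
        responses.append({"status": lines[0], "headers": headers, "body": body})
        pos = body_start + length
    return responses


def safe_builder_rejects(location: str) -> bool:
    """True if the hardened builder refuses this value."""
    try:
        build_redirect_safe(location)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for r in parse_responses(build_redirect_unsafe(INJECTED_LOCATION)):
        print(r["status"], r["headers"], r["body"])
```

The vulnerable builder yields two parsable responses from one request; the second one carries the attacker's body and would be cached or rendered as if the server had sent it. Rejecting the value is preferable to percent-encoding it silently, because a redirect target containing CR/LF is never legitimate input.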
EPSS 0% CVSS 4.4
MEDIUM This Month

Denial of service in SAP NetWeaver's JMS service stems from unsafe deserialization of malicious objects, allowing authenticated administrators with local access to crash the application. The vulnerability requires high privileges and local access but carries no risk to confidentiality or integrity. No patch is currently available.

Denial Of Service Deserialization SAP +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Commerce Cloud versions up to 2205 contain a race condition that allows attackers to cause a cart entry to be created with an erroneous product value which could be checked o (CVSS 5.9).

Race Condition SAP Commerce Cloud
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Authenticated users of SAP Solution Tools Plug-In can bypass authorization checks to invoke function modules and extract sensitive system configuration details without proper access controls. This information disclosure could enable attackers to gather intelligence for planning targeted follow-up attacks, though the vulnerability carries low confidentiality impact with no effect on system integrity or availability. Currently no patch is available.

SAP Solution Tools Plug In
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Unauthorized Remote Function Call execution in SAP NetWeaver ABAP. Low-privileged users can execute background RFCs without proper authorization checks. CVSS 9.6.

SAP Netweaver As Abap Kernel Netweaver As Abap Krnl64nuc +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Businessobjects Business Intelligence Platform versions up to 430 are affected by URL redirection to an untrusted site (open redirect) (CVSS 7.3).

SAP Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Businessobjects Business Intelligence Platform versions up to 430 are affected by missing authorization (CVSS 7.5).

SAP Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unauthorized code execution in SAP CRM and SAP S/4HANA Scripting Editor. An authenticated attacker can abuse a generic function-module call to execute unauthorized ABAP code. CVSS 9.9.

SAP Netweaver Application Server Abap Webclient Ui Framework
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

SAP Solution Tools Plug In fails to enforce authorization checks in remote-enabled ABAP function modules, allowing authenticated users to access and disclose sensitive system information. An attacker with valid credentials can query protected data without proper access controls, though system integrity and availability remain unaffected. No patch is currently available for this medium-severity vulnerability.

SAP Solution Tools Plug In
NVD
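Several entries on this page (the ST-PI modules above, the database-catalog and configuration-table modules in NetWeaver AS ABAP, and the Disconnected Operations modules in S/4HANA Defense & Security) share one root cause: a remote-enabled function module that either performs no AUTHORITY-CHECK or performs one and ignores sy-subrc. The following is an added example, not SAP code and not part of the advisories, of a small audit script that finds both patterns in ABAP source. It assumes that remote-enabled modules are identified by FMODE = 'R' in table TFDIR (that is my reading of the table; verify it on your system) and that the source is available as text, for instance exported from SE80; the ABAP and the TFDIR rows below are constructed for the demonstration.

```python
import re
from dataclasses import dataclass

# Constructed ABAP source (not SAP code) with four function modules.
# Comment lines start with "*" in column 1, as in real ABAP includes.
SAMPLE_SOURCE = """
FUNCTION Z_RFC_READ_CONFIG.
*"  IMPORTING
*"     VALUE(IV_PARAM) TYPE STRING
*"  EXPORTING
*"     VALUE(EV_VALUE) TYPE STRING
  SELECT SINGLE value FROM zconfig INTO ev_value WHERE param = iv_param.
ENDFUNCTION.

FUNCTION Z_RFC_READ_TABLE.
*"  IMPORTING
*"     VALUE(IV_TABLE) TYPE TABNAME
*"  TABLES
*"     ET_DATA STRUCTURE ZROW
  AUTHORITY-CHECK OBJECT 'S_TABU_NAM'
    ID 'ACTVT' FIELD '03'
    ID 'TABLE' FIELD iv_table.
* the result of the check is never inspected: sy-subrc is ignored
  SELECT * FROM (iv_table) INTO TABLE et_data.
ENDFUNCTION.

FUNCTION Z_RFC_GET_STATUS.
*"  EXPORTING
*"     VALUE(EV_STATUS) TYPE STRING
  AUTHORITY-CHECK OBJECT 'S_ADMI_FCD'
    ID 'S_ADMI_FCD' FIELD 'ST0R'.
  IF sy-subrc <> 0.
    RAISE not_authorized.
  ENDIF.
  ev_status = 'OK'.
ENDFUNCTION.

FUNCTION Z_LOCAL_HELPER.
  ev_result = 'helper'.
ENDFUNCTION.
"""

# Constructed rows standing in for SELECT funcname, fmode FROM tfdir.
# Assumption: FMODE = 'R' marks a remote-enabled (RFC-callable) module.
TFDIR_ROWS = [
    {"FUNCNAME": "Z_RFC_READ_CONFIG", "FMODE": "R"},
    {"FUNCNAME": "Z_RFC_READ_TABLE", "FMODE": "R"},
    {"FUNCNAME": "Z_RFC_GET_STATUS", "FMODE": "R"},
    {"FUNCNAME": "Z_LOCAL_HELPER", "FMODE": ""},
]

# One FUNCTION ... ENDFUNCTION. block; [ \t] rather than \s so the name
# cannot run across lines, re.S so the body may span lines.
FM_RE = re.compile(
    r"^[ \t]*FUNCTION[ \t]+(\S+?)\.[ \t]*$(.*?)^[ \t]*ENDFUNCTION\.",
    re.I | re.M | re.S,
)


@dataclass
class Finding:
    name: str
    reason: str


def remote_enabled(rows) -> set[str]:
    return {r["FUNCNAME"].upper() for r in rows if r["FMODE"] == "R"}


def _strip_comments(body: str) -> str:
    """Drop '*' full-line comments and trailing '"' comments so that a comment
    mentioning sy-subrc does not count as a check."""
    kept = []
    for line in body.splitlines():
        if line.startswith("*"):
            continue
        kept.append(line.split('"', 1)[0])
    return "\n".join(kept)


def audit(source: str, rfc_modules: set[str]) -> list[Finding]:
    """Flag RFC-reachable modules with no AUTHORITY-CHECK, or with a check whose
    sy-subrc result is never evaluated afterwards."""
    findings = []
    for m in FM_RE.finditer(source):
        name = m.group(1).upper()
        if name not in rfc_modules:
            continue  # only modules callable over RFC are in scope here
        body = _strip_comments(m.group(2)).upper()
        pos = body.find("AUTHORITY-CHECK")
        if pos < 0:
            findings.append(Finding(name, "no AUTHORITY-CHECK in remote-enabled module"))
        elif "SY-SUBRC" not in body[pos:]:
            findings.append(Finding(name, "AUTHORITY-CHECK result (sy-subrc) never evaluated"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SOURCE, remote_enabled(TFDIR_ROWS)):
        print(f"{f.name}: {f.reason}")
```

The script is a triage aid, not a proof of safety: a module can pass (it contains a check and reads sy-subrc) and still be wrong, for example by checking the wrong object or by branching on sy-subrc without actually stopping. Treat its output as the list to review by hand, and remember that the RFC authorization object S_RFC is checked by the kernel on the function group, so a missing check inside the module is exploitable by anyone whose S_RFC authorization already covers that group.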
EPSS 0% CVSS 7.5
HIGH This Week

Businessobjects Business Intelligence Platform versions up to 430 contain a denial-of-service vulnerability (CVSS 7.5).

Denial Of Service SAP Businessobjects Business Intelligence Platform
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Sap Basis versions up to 700 are affected by URL redirection to an untrusted site (open redirect) (CVSS 6.5).

SAP Sap Basis
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient authorization checks in SAP Fiori App Intercompany Balance Reconciliation allow authenticated users to access data beyond their intended permissions, resulting in privilege escalation with limited confidentiality impact. An attacker with valid credentials can exploit this flaw to view sensitive financial reconciliation information they should not have access to. No patch is currently available.

Privilege Escalation SAP
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected XSS in SAP Business Connector enables unauthenticated attackers to craft malicious links that redirect users to attacker-controlled sites, compromising web client confidentiality and integrity when a victim clicks the link. The vulnerability requires user interaction and no patch is available, so user awareness of untrusted links is currently the main mitigation.

XSS SAP Business Connector
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Supplier Relationship Management versions up to 700 are affected by URL redirection to an untrusted site (open redirect) (CVSS 4.7).

Open Redirect SAP Supplier Relationship Management
NVD
EPSS 0% CVSS 8.1
HIGH This Week

SAP Fiori App Intercompany Balance Reconciliation fails to enforce proper authorization controls, allowing authenticated users to escalate privileges and access or modify sensitive data they should not have permission to view. An attacker with valid credentials can exploit missing access checks to compromise the confidentiality and integrity of financial reconciliation data. No patch is currently available for this vulnerability.

Privilege Escalation SAP
NVD
EPSS 1% CVSS 8.4
HIGH This Week

SAP Application Server for ABAP and NetWeaver RFCSDK contain an OS command injection vulnerability that allows authenticated administrators with adjacent network access to execute arbitrary system commands by uploading malicious content. Successful exploitation results in complete system compromise affecting confidentiality, integrity, and availability. No patch is currently available.

Command Injection SAP
NVD
EPSS 0% CVSS 3.8
LOW Monitor

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI operations without adequate input neutralization. [CVSS 3.8 LOW]

SAP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Missing authorization controls in SAP ECC and SAP S/4HANA EHS Management allow authenticated attackers to extract hardcoded credentials and bypass password authentication through parameter manipulation. Successful exploitation enables attackers to access, modify, or delete change pointer data within EHS objects, potentially compromising downstream systems with low impact to confidentiality and integrity. No patch is currently available.

SAP
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

SAP S/4HANA General Ledger (Private Cloud and On-Premise) contains a SQL injection vulnerability allowing authenticated users to read, modify, and delete backend database data, with scope change (CVSS 9.9). Financial data is directly at risk.

SAP
NVD
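The entry above states the impact (read, modify, delete) but not the mechanism, which for SQL injection is always the same: a user-supplied value is concatenated into the statement text instead of being bound as a parameter. The following is an added example, not SAP code and unrelated to the actual General Ledger implementation, that shows a constructed ledger with a vulnerable and a parameterised query side by side and the three effects the advisory lists. It uses sqlite3 from the standard library; the table names, rows and secrets are invented for the demonstration.

```python
import sqlite3


def setup() -> sqlite3.Connection:
    """In-memory stand-in for ledger tables; every row is constructed."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE journal (doc_id TEXT, company_code TEXT, gl_account TEXT, amount REAL);
        CREATE TABLE api_keys (owner TEXT, secret TEXT);
        INSERT INTO journal VALUES
            ('1000001', '1000', '400000',  1250.00),
            ('1000002', '1000', '113100', -1250.00),
            ('2000001', '2000', '400000',    99.50);
        INSERT INTO api_keys VALUES ('batch-user', 'k-constructed-secret');
    """)
    return con


# Constructed payloads an authenticated user could type into a filter field.
READ_ALL_PAYLOAD = "1000' OR '1'='1"                                  # tautology: every company
EXFIL_PAYLOAD = "x' UNION SELECT owner, secret, 0 FROM api_keys --"   # read another table
DELETE_ALL_PAYLOAD = "1000001' OR '1'='1"                             # widen a DELETE to all rows


def entries_unsafe(con, company_code: str) -> list[tuple]:
    """Vulnerable: the filter value becomes part of the SQL text."""
    sql = (
        "SELECT doc_id, gl_account, amount FROM journal "
        f"WHERE company_code = '{company_code}'"
    )
    return con.execute(sql).fetchall()


def entries_safe(con, company_code: str) -> list[tuple]:
    """Hardened: the value is bound, so quotes and keywords are just data."""
    return con.execute(
        "SELECT doc_id, gl_account, amount FROM journal WHERE company_code = ?",
        (company_code,),
    ).fetchall()


def void_entry_unsafe(con, doc_id: str) -> int:
    """Vulnerable DELETE; returns the number of rows removed."""
    return con.execute(f"DELETE FROM journal WHERE doc_id = '{doc_id}'").rowcount


def void_entry_safe(con, doc_id: str) -> int:
    return con.execute("DELETE FROM journal WHERE doc_id = ?", (doc_id,)).rowcount


if __name__ == "__main__":
    con = setup()
    print("legit:", entries_unsafe(con, "1000"))
    print("tautology:", entries_unsafe(con, READ_ALL_PAYLOAD))
    print("exfil:", entries_unsafe(con, EXFIL_PAYLOAD))
    print("deleted:", void_entry_unsafe(con, DELETE_ALL_PAYLOAD))
```

The sqlite3 module refuses stacked statements in execute(), so a "'; DROP TABLE" style payload fails here; do not rely on that, since other drivers and databases accept it, and the UNION and tautology forms need no stacking at all. In ABAP the equivalent defect is a dynamic WHERE clause assembled by string concatenation; bound host variables, or the escaping and allow-listing helpers of class cl_abap_dyn_prg, are the fix.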
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

SAP Wily Introscope Enterprise Manager uses a vulnerable third-party component that allows unauthenticated attackers to create malicious JNLP files at public URLs. Victims who click these URLs execute OS commands on their machines. Scope change. Patch available.

Java Command Injection SAP +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting in SAP NetWeaver Enterprise Portal enables unauthenticated attackers to inject malicious scripts via URL parameters that execute in users' browsers. Successful exploitation can lead to session hijacking, portal content manipulation, and unauthorized user redirection, affecting confidentiality and integrity with no patch currently available.

SAP
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

SAP S/4HANA (Private Cloud and On-Premise) has the same backdoor vulnerability as CVE-2026-0491 – admin-exploitable ABAP/OS command injection via RFC function module. Patch available.

Command Injection SAP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP Product Designer Web UI in Business Server Pages permits authenticated users without administrative privileges to view non-sensitive information they should not access. This authorization bypass affects confidentiality but carries no risk to system integrity or availability. No patch is currently available to remediate this exposure.

SAP
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation contains an unrestricted file upload vulnerability that permits high-privileged attackers to upload malicious files, including scripts, due to insufficient file format validation. While the direct impact on confidentiality, integrity, and availability is limited, this flaw could enable attackers with administrative access to compromise application functionality or escalate their capabilities. No patch is currently available for this vulnerability.

SAP
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation contains an email redirection flaw that allows high-privileged attackers to redirect uploaded files to arbitrary email addresses, facilitating targeted phishing attacks. The vulnerability requires high privileges and user interaction, resulting in limited confidentiality, integrity, and availability impact. No patch is currently available for this medium-severity issue.

SAP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation contains an information disclosure vulnerability that allows authenticated attackers to access restricted data under specific conditions. The vulnerability requires valid user credentials and network access but does not impact system integrity or availability. No patch is currently available.

SAP
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP Fiori App Intercompany Balance Reconciliation is affected by cross-site request forgery (CSRF) (CVSS 4.3).

CSRF Industrial SAP
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Hana Database versions up to 2.00 are affected by missing authentication for a critical function (CVSS 8.8).

Privilege Escalation SAP Hana Database
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

SAP Landscape Transformation has an admin-exploitable backdoor via RFC function module that allows injection of arbitrary ABAP code and OS commands, bypassing authorization checks. Scope change enables full SAP system compromise.

Command Injection SAP
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.

RCE Apache Java +7
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.

RCE Apache Docker +6
NVD
EPSS 0% CVSS 7.5
HIGH This Month

SAP CommonCryptoLib does not perform the necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data received over the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch is available.

Buffer Overflow Memory Corruption SAP
NVD
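The CommonCryptoLib entry above is a length-handling bug in a DER parser: ASN.1 is tag-length-value, and a parser that trusts the encoded length without comparing it to the bytes actually received will read past its buffer. The following is an added example, not SAP code and not a description of CommonCryptoLib's internals, of a minimal DER reader written the defensive way, next to an unchecked reader that shows where the over-read happens. The test vectors are constructed; in C the slice that Python silently truncates would be a memcpy of attacker-chosen length.

```python
def read_tlv(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for the DER element at buf[pos:].

    Every length is validated against the bytes that remain; DER rules
    (minimal length encoding, no indefinite length) are enforced as well,
    because pre-authentication parsers should accept exactly one encoding."""
    n = len(buf)
    if pos >= n:
        raise ValueError("truncated: no tag byte")
    tag = buf[pos]
    pos += 1
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not supported by this reader")
    if pos >= n:
        raise ValueError("truncated: no length byte")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        length = first                      # short form
    elif first == 0x80:
        raise ValueError("indefinite length is not allowed in DER")
    else:
        nbytes = first & 0x7F               # long form: number of length bytes
        if nbytes > 4:
            raise ValueError("length field too large")
        if pos + nbytes > n:
            raise ValueError("truncated: length bytes missing")
        lb = buf[pos:pos + nbytes]
        pos += nbytes
        if lb[0] == 0:
            raise ValueError("non-minimal length: leading zero byte")
        length = int.from_bytes(lb, "big")
        if length < 0x80:
            raise ValueError("non-minimal length: short form required")
    if length > n - pos:                    # the check CommonCryptoLib-style bugs lack
        raise ValueError(f"length {length} exceeds remaining {n - pos} bytes")
    return tag, buf[pos:pos + length], pos + length


def read_tlv_unchecked(buf: bytes, pos: int = 0) -> tuple[int, bytes, int]:
    """The unsafe shape: length is taken at face value. Python slicing hides the
    over-read; a C implementation would copy `length` bytes past the buffer."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_sequence(buf: bytes) -> list[tuple[int, bytes]]:
    """Parse one top-level SEQUENCE and return its (tag, value) children."""
    tag, body, end = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    if end != len(buf):
        raise ValueError("trailing data after SEQUENCE")
    children, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        children.append((t, v))
    return children


def is_well_formed(buf: bytes) -> bool:
    try:
        parse_sequence(buf)
        return True
    except ValueError:
        return False


# Constructed vectors.
GOOD = b"\x30\x07\x02\x01\x01\x04\x02ab"          # SEQUENCE { INTEGER 1, OCTET STRING "ab" }
TRUNCATED = b"\x30\x7f\x02\x01\x01"               # claims 127 bytes, carries 3
HUGE = b"\x30\x84\xff\xff\xff\xff"                # claims ~4 GiB, carries 0
NONMINIMAL = b"\x30\x04\x02\x81\x01\x05"          # INTEGER with long-form length 1
INDEFINITE = b"\x30\x80\x02\x01\x01\x00\x00"      # BER indefinite form, invalid DER

if __name__ == "__main__":
    print(parse_sequence(GOOD))
    print("unchecked next_pos on TRUNCATED:", read_tlv_unchecked(TRUNCATED)[2], "buffer:", len(TRUNCATED))
```

The important line is the comparison of the decoded length against the remaining buffer before any copy; rejecting non-minimal and indefinite encodings also narrows what a pre-authentication client can make the parser do, since the same value can then only be expressed one way.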
EPSS 0% CVSS 6.1
MEDIUM This Month

SAP E-Recruiting BSP in an SAP S/4HANA landscape allows an unauthenticated attacker to craft malicious links; when such a link is clicked, the victim can be redirected to a page controlled by the attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch is available.

Open Redirect SAP
NVD
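Five entries on this page are open redirects (Business Server Pages, BusinessObjects BI Platform, Sap Basis, Supplier Relationship Management and the E-Recruiting BSP above). The recurring mistake behind them is a redirect-target check that reasons about the string differently from the browser that will follow it. The following is an added example, not SAP code and not taken from any of the advisories, of a validator that normalises the target the way browsers do before deciding, together with the constructed cases that usually defeat naive filters. The allowed host names are invented.

```python
from urllib.parse import urlsplit

# Hosts the application may send users to (constructed for this example).
ALLOWED_HOSTS = frozenset({"good.example", "www.good.example"})


def _normalise(target: str) -> str:
    # Browsers strip surrounding whitespace and, for http(s) URLs, treat "\"
    # as "/"; mirror that so "/\evil.example" is judged as "//evil.example".
    return target.strip().replace("\\", "/")


def _host_allowed(hostname, allowed_hosts) -> bool:
    # urlsplit().hostname is lower-cased and has userinfo and port removed,
    # so "https://good.example@evil.example" yields "evil.example" here.
    # Exact match only: suffix matching would admit "good.example.evil.example".
    return hostname is not None and hostname in allowed_hosts


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept a same-origin absolute path or an http(s) URL to an allowed host."""
    if not target:
        return False
    t = _normalise(target)
    # Control characters are never legitimate; CR/LF would also turn the
    # Location header into response splitting.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in t):
        return False
    try:
        parts = urlsplit(t)
        parts.port  # raises ValueError for a malformed port such as ":abc"
    except ValueError:
        return False
    if parts.scheme:
        # urlsplit gives "https:evil.example" no netloc, but browsers read it
        # as https://evil.example, so an explicit netloc is required.
        if parts.scheme not in ("http", "https") or not parts.netloc:
            return False      # also drops javascript:, data:, mailto:, ...
        return _host_allowed(parts.hostname, allowed_hosts)
    if parts.netloc:
        # Scheme-relative "//host/..." keeps the scheme but changes the host.
        return _host_allowed(parts.hostname, allowed_hosts)
    # Relative target: exactly one leading "/" stays on this origin;
    # "//..." and "///..." resolve to another host in browsers.
    return t.startswith("/") and not t.startswith("//")


def safe_redirect_target(target: str, fallback: str = "/") -> str:
    """What a login/logout handler should put in the Location header."""
    return _normalise(target) if is_safe_redirect(target) else fallback


# Constructed cases: (target, expected verdict).
CASES = [
    ("/account/overview", True),
    ("/search?q=1&next=/x", True),
    ("https://good.example/home", True),
    ("HTTPS://WWW.GOOD.EXAMPLE:443/home", True),
    ("//www.good.example/x", True),
    ("", False),
    ("//evil.example/phish", False),
    ("/\\evil.example", False),
    ("///evil.example", False),
    ("https:evil.example", False),
    ("https://good.example@evil.example/", False),
    ("https://good.example.evil.example/", False),
    ("https://good.example:abc/", False),
    ("javascript:alert(1)", False),
    ("data:text/html,hi", False),
    (" //evil.example", False),
    ("/ok\r\nSet-Cookie: sid=x", False),
]


def all_cases_pass() -> bool:
    return all(is_safe_redirect(t) == expected for t, expected in CASES)


if __name__ == "__main__":
    for t, expected in CASES:
        print(f"{is_safe_redirect(t)!s:5} {expected!s:5} {t!r}")
```

Two design points matter. First, the decision is taken on the normalised string and the same string is what gets emitted, so the browser cannot see something the check did not. Second, resolving the target against a base with urljoin is deliberately avoided: Python resolves "///evil.example" to a path on the current host, while browsers resolve it to evil.example, and the validator must side with the browser.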
EPSS 0% CVSS 5.3
MEDIUM This Month

Due to an information disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch is available.

Authentication Bypass Information Disclosure Path Traversal +1
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

SAP S4CORE (Manage journal entries) does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.

Authentication Bypass SAP
NVD