Sap Basis vulnerabilities

6 known vulnerabilities affecting sap/basis.

Total CVEs

6

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1

CVE-2023-29109MEDIUMCVSS 4.6v755v7562023-04-11

CVE-2023-29109 [MEDIUM] CWE-1236 CVE-2023-29109: The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101 The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel d

CVE-2023-29110MEDIUMCVSS 5.4v755v7562023-04-11

CVE-2023-29110 [LOW] CWE-80 CVE-2023-29110: The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After suc

CVE-2022-41264HIGHCVSS 8.8v7.31v7.40+24 more2022-12-13

CVE-2022-41264 [HIGH] CWE-94 CVE-2022-41264: Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 7 Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full

CVE-2020-6307MEDIUMCVSS 4.3v7.0v7.01+8 more2020-01-14

CVE-2020-6307 [MEDIUM] CWE-863 CVE-2020-6307: Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52 Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

CVE-2019-0248MEDIUMCVSS 5.9v7.52019-01-08

CVE-2019-0248 [MEDIUM] CVE-2019-0248: Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.

CVE-2018-2478HIGHCVSS 7.2≥ 7.0, ≤ 7.02≥ 7.10, ≤ 7.11+4 more2018-11-13

CVE-2018-2478 [HIGH] CVE-2018-2478: An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA install An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the adm user. The commands executed depend upon the privileges of the adm user.