SAP Business Connector vulnerabilities
7 known vulnerabilities affecting sap/business_connector.
Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 7
Vulnerabilities
CVE-2026-0514 | MEDIUM | CVSS 6.1 | CWE-79 | v4.8 | 2026-01-13
Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, imp
Source: NVD
CVE-2025-42894 | MEDIUM | CVSS 6.8 | CWE-22 | v4.8 | 2025-11-11
Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system commands on the server, resulting in a complete comprom
Source: NVD
CVE-2025-42892 | MEDIUM | CVSS 6.8 | CWE-78 | v4.8 | 2025-11-11
Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to ful
Source: NVD
CVE-2025-42893 | MEDIUM | CVSS 6.1 | CWE-601 | v4.8 | 2025-11-11
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, imp
Source: NVD
CVE-2025-42886 | MEDIUM | CVSS 6.1 | CWE-79 | v4.8 | 2025-11-11
Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim's b
Source: NVD
CVE-2006-0732 | MEDIUM | CVSS 6.4 | v4.6, v4.7 | 2006-02-16
Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods
Source: NVD
CVE-2006-0731 | MEDIUM | CVSS 4.0 | PoC | ≤ core_fix_7 | 2006-02-16
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.
Source: NVD