Sap Business Planning And Consolidation vulnerabilities

CVE-2023-31407 [MEDIUM] CWE-79 CVE-2023-31407: SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.

CVE-2023-23851 [MEDIUM] CWE-434 CVE-2023-23851: SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business author SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidential

CVE-2023-0016 [CRITICAL] CWE-89 CVE-2023-0016: SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database.

CVE-2022-41268 [HIGH] CWE-269 CVE-2022-41268: In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a s

CVE-2020-6368 [MEDIUM] CWE-79 CVE-2020-6368: SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.