Sap Erp vulnerabilities

CVE-2026-24323 [MEDIUM] CWE-601 CVE-2026-24323: The BSP applications allow an unauthenticated user to inject malicious script content via user-contr The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the

CVE-2026-0505 [MEDIUM] CWE-79 CVE-2026-0505: The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

CVE-2020-6316 [MEDIUM] CWE-862 CVE-2020-6316: SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.

CVE-2020-6212 [MEDIUM] CWE-862 CVE-2020-6212: Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Che

CVE-2020-6199 [MEDIUM] CWE-862 CVE-2020-6199: The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN ver The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to

CVE-2020-6188 [HIGH] CWE-862 CVE-2020-6188: VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN ver VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.