SAP SE SAP Business Connector vulnerabilities
7 known vulnerabilities affecting sap_se/sap_business_connector.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 7
Vulnerabilities
CVE-2026-0514 | MEDIUM | CVSS 6.1 | CWE-79 | vSAP BC 4.8 | 2026-01-13
Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, imp
Sources: cvelistv5, nvd

CVE-2025-42886 | MEDIUM | CVSS 6.1 | CWE-79 | vSAP BC 4.8 | 2025-11-11
Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim's b
Sources: cvelistv5, nvd

CVE-2025-42894 | MEDIUM | CVSS 6.8 | CWE-22 | vSAP BC 4.8 | 2025-11-11
Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system commands on the server, resulting in a complete comprom
Sources: cvelistv5, nvd

CVE-2025-42892 | MEDIUM | CVSS 6.8 | CWE-78 | vSAP BC 4.8 | 2025-11-11
Due to an OS Command Injection vulnerability in SAP Business Connector, an authenticated attacker with administrative access and adjacent network access could upload specially crafted content to the server. If processed by the application, this content enables execution of arbitrary operating system commands. Successful exploitation could lead to ful
Sources: cvelistv5, nvd

CVE-2025-42893 | MEDIUM | CVSS 6.1 | CWE-601 | vSAP BC 4.8 | 2025-11-11
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal sensitive information and perform unauthorized actions, imp
Sources: cvelistv5, nvd

CVE-2024-30214 | MEDIUM | CVSS 4.8 | CWE-79 | v4.8 | 2024-04-09
The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains JavaScript, the script could be processed on the client side.
Sources: cvelistv5, nvd

CVE-2024-30215 | MEDIUM | CVSS 4.8 | CWE-79 | v4.8 | 2024-04-09
The Resource Settings page allows a high privilege attacker to load an exploitable payload to be stored and reflected whenever a user visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited.
Sources: cvelistv5, nvd