Sap Se Sap Business Warehouse vulnerabilities

CVE-2026-27686 [MEDIUM] CWE-862 CVE-2026-27686: Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attac Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request processing and causing denial of service. This results in l

CVE-2025-42962 [MEDIUM] CWE-79 CVE-2025-42962: SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.

CVE-2025-25244 [MEDIUM] CWE-862 CVE-2025-25244: SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due t SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed a

CVE-2024-44113 [MEDIUM] CWE-359 CVE-2024-44113: Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated a Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.

CVE-2021-21465 [CRITICAL] CWE-89 CVE-2021-21465: The BW Database Interface allows an attacker with low privileges to execute any crafted database que The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP syst

CVE-2021-21466 [HIGH] CWE-94 CVE-2021-21466: SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versi SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject ma

CVE-2021-21468 [MEDIUM] CWE-862 CVE-2021-21468: The BW Database Interface does not perform necessary authorization checks for an authenticated user, The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.

CVE-2020-26838 [CRITICAL] CWE-78 CVE-2020-26838: SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and S SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in