SAP SE SAP S/4 HANA vulnerabilities

12 known vulnerabilities affecting sap_se/sap_s_4_hana.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 11

Vulnerabilities

CVE-2025-31328 | MEDIUM | CVSS 4.6 | vS4HCMGXX 100, v101 | 2025-04-22
CWE-352: SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick an authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affect
Sources: cvelistv5, nvd

CVE-2024-45282 | MEDIUM | CVSS 5.3 | vS4CORE, v102, +5 more | 2024-10-08
CWE-650: Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.
Sources: cvelistv5, nvd

CVE-2024-44121 | MEDIUM | CVSS 4.3 | v900 | 2024-09-10
CWE-213: Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application
Sources: cvelistv5, nvd

CVE-2024-4139 | MEDIUM | CVSS 4.3 | vSAPSCORE 131, vS4CORE 105, +3 more | 2024-05-14
CWE-862: Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
Sources: cvelistv5, nvd

CVE-2024-4138 | MEDIUM | CVSS 4.3 | vSAPSCORE 131, vS4CORE 105, +3 more | 2024-05-14
CWE-862: Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected.
Sources: cvelistv5, nvd

CVE-2024-30217 | MEDIUM | CVSS 4.3 | vS4CORE 106, vS4CORE 107, +1 more | 2024-04-09
CWE-862: Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.
Sources: cvelistv5, nvd

CVE-2024-30216 | MEDIUM | CVSS 4.3 | vS4CORE 103, vS4CORE 104, +4 more | 2024-04-09
CWE-862: Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can add notes in the review request with 'completed' status affecting the integrity of the application. Confidentiality and Availability are not impacted.
Sources: cvelistv5, nvd

CVE-2020-6316 | MEDIUM | CVSS 4.3 | fixed in 100, fixed in 101, +3 more | 2020-11-10
CWE-862: SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.
Sources: cvelistv5, nvd

CVE-2020-6273 | MEDIUM | CVSS 4.3 | fixed in 103, fixed in 104 | 2020-08-12
CWE-862: SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.
Sources: cvelistv5, nvd

CVE-2020-6212 | MEDIUM | CVSS 5.4 | fixed in 100, fixed in 101, +3 more | 2020-04-24
CWE-862: Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Che
Sources: cvelistv5, nvd

CVE-2020-6233 | MEDIUM | CVSS 4.3 | fixed in 400, fixed in 450, +2 more | 2020-04-14
CWE-862: SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.
Sources: cvelistv5, nvd

CVE-2020-6188 | HIGH | CVSS 8.8 | v= 1.0, v= 1.01, +3 more | 2020-02-12
CWE-862: VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
Sources: cvelistv5, nvd