SAP SE SAP S/4HANA vulnerabilities
30 known vulnerabilities affecting sap_se/sap_s_4hana.
Total CVEs: 30
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 6, MEDIUM 21
Vulnerabilities
Page 2 of 2
CVE-2023-35870 | HIGH | CVSS 7.3 | CWE-732 | versions: S4CORE 104, 105, +2 more | 2023-07-11
When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily
Sources: cvelistv5, nvd
CVE-2022-32248 | MEDIUM | CVSS 5.3 | CWE-20 | versions: 101, 102, +4 more | 2022-07-12
Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data.
Sources: cvelistv5, nvd
CVE-2022-31597 | MEDIUM | CVSS 5.4 | CWE-862 | versions: S4CORE 101, 102, +5 more | 2022-07-12
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the da
Sources: cvelistv5, nvd
CVE-2022-22530 | HIGH | CVSS 8.1 | versions: 100, 101, +5 more | 2022-01-14
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.
Sources: cvelistv5, nvd
CVE-2022-22531 | HIGH | CVSS 8.1 | versions: 100, 101, +5 more | 2022-01-14
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.
Sources: cvelistv5, nvd
CVE-2021-33701 | CRITICAL | CVSS 9.1 | CWE-89 | fixed in: SAPSCORE 125, S4CORE 102, +4 more | 2021-09-15
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL
Sources: cvelistv5, nvd
CVE-2021-38176 | HIGH | CVSS 8.8 | CWE-89 | fixed in: 1511, 1610, +5 more | 2021-09-14
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availab
Sources: cvelistv5, nvd
CVE-2020-6214 | MEDIUM | CVSS 4.7 | CWE-863 | fixed in: 100 | 2020-04-14
SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in th
Sources: cvelistv5, nvd
CVE-2020-6199 | MEDIUM | CVSS 5.4 | CWE-862 | fixed in: 100, 101, +3 more | 2020-03-10
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to
Sources: cvelistv5, nvd
CVE-2020-6185 | MEDIUM | CVSS 5.4 | CWE-79 | versions: = 7.50, = 7.51, +3 more | 2020-02-12
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.
Sources: cvelistv5, nvd