CVE-2024-21737
- EPSS 0.22%
- Veröffentlicht 09.01.2024 02:15:45
- Zuletzt bearbeitet 21.11.2024 08:54:54
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. T...
CVE-2023-29111
- EPSS 0.23%
- Veröffentlicht 11.04.2023 04:16:08
- Zuletzt bearbeitet 21.11.2024 07:56:34
The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the ...
CVE-2023-29110
- EPSS 0.34%
- Veröffentlicht 11.04.2023 04:16:07
- Zuletzt bearbeitet 21.11.2024 07:56:34
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as he...
CVE-2023-29109
- EPSS 0.34%
- Veröffentlicht 11.04.2023 03:15:07
- Zuletzt bearbeitet 21.11.2024 07:56:33
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas...