CVE-2026-34264
- EPSS 0.05%
- Veröffentlicht 14.04.2026 00:09:12
- Zuletzt bearbeitet 04.05.2026 14:51:26
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This...
CVE-2024-47581
- EPSS 0.09%
- Veröffentlicht 10.12.2024 01:15:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility ar...
CVE-2023-49577
- EPSS 0.11%
- Veröffentlicht 12.12.2023 02:15:07
- Zuletzt bearbeitet 21.11.2024 08:33:35
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an atta...