SAP

S4core

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-31333

  • EPSS 0.04%
  • Veröffentlicht 08.04.2025 07:15:46
  • Zuletzt bearbeitet 08.04.2025 18:13:53

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.

5.4

CVE-2024-37172

  • EPSS 0.15%
  • Veröffentlicht 09.07.2024 05:15:11
  • Zuletzt bearbeitet 21.11.2024 09:23:21

SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality and availability but there is no im...

6.5

CVE-2024-39592

Medienbericht
  • EPSS 0.23%
  • Veröffentlicht 09.07.2024 04:15:13
  • Zuletzt bearbeitet 21.11.2024 09:28:04

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.

5.4

CVE-2023-40625

  • EPSS 0.15%
  • Veröffentlicht 12.09.2023 03:15:14
  • Zuletzt bearbeitet 21.11.2024 08:19:50

S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privilege...

7.3

CVE-2023-35870

  • EPSS 0.1%
  • Veröffentlicht 11.07.2023 03:15:09
  • Zuletzt bearbeitet 21.11.2024 08:08:51

When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of...

5.5

CVE-2023-32112

  • EPSS 0.04%
  • Veröffentlicht 09.05.2023 02:15:12
  • Zuletzt bearbeitet 21.11.2024 08:02:43

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenti...

5.4

CVE-2023-29110

  • EPSS 0.34%
  • Veröffentlicht 11.04.2023 04:16:07
  • Zuletzt bearbeitet 21.11.2024 07:56:34

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as he...

4.6

CVE-2023-29109

  • EPSS 0.34%
  • Veröffentlicht 11.04.2023 03:15:07
  • Zuletzt bearbeitet 21.11.2024 07:56:33

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas...

9.1

CVE-2021-33701

Exploit
  • EPSS 1.25%
  • Veröffentlicht 15.09.2021 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:09:24

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged ...

8.8

CVE-2018-2484

  • EPSS 0.52%
  • Veröffentlicht 08.01.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:03:54

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an au...