ERP Security Vulnerabilities

CVE-2020-6188

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.

8.8 CVSS

8.5 AI Score

0.001 EPSS

2020-02-12 08:15 PM

CVE-2020-6199

The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions 100, 101, 102, 103, 104 does not have any authorization check to it due to which an attacker without an authorization ...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2020-03-10 09:15 PM

CVE-2020-6212

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2020-04-24 11:15 PM

CVE-2020-6316

SAP ERP and SAP S/4 HANA allow an authenticated user to see cost records for objects for which they have no authorization in PS reporting, leading to a Missing Authorization Check.

4.3 CVSS

4.6 AI Score

0.001 EPSS

2020-11-10 05:15 PM

CVE-2020-8967

There is an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability in PHP files of GESIO ERP. All versions of GESIO ERP prior to 11.2 allow malicious users to retrieve all database information.

10 CVSS

9.6 AI Score

0.001 EPSS

2020-06-01 02:15 PM

CVE-2022-30076

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2023-04-16 03:15 AM

CVE-2022-3944

A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can ...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2022-11-11 08:15 AM

CVE-2023-26758

Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the component /ResourceService.

7.5 CVSS

7.6 AI Score

0.002 EPSS

2023-02-27 04:15 PM

CVE-2023-26759

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component.

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-02-27 04:15 PM

CVE-2023-26760

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. This vulnerability allows attackers to access cleartext credentials needed to authenticate to the AS400 system.

7.5 CVSS

7.3 AI Score

0.002 EPSS

2023-02-27 04:15 PM

CVE-2023-26762

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability.

8.8 CVSS

8.8 AI Score

0.001 EPSS

2023-02-27 04:15 PM