Lucene search
K

17 matches found

Cvelist
Cvelist
added 2026/05/12 2:21 a.m.64 views

CVE-2026-40136 Denial of service (DoS) in SAP Financial Consolidation

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

4.3CVSS0.0029EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:19 a.m.57 views

CVE-2026-0502 Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform

Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...

5.4CVSS0.00121EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 1:16 a.m.4 views

CVE-2026-34256

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

7.1CVSS0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:7 a.m.4 views

CVE-2026-27676

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 12:7 a.m.29 views

CVE-2026-27675 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

2CVSS0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:18 a.m.1 views

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.12 views

PT-2026-7213

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

3.4CVSS5.6AI score0.00164EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/13 1:15 a.m.2 views

CVE-2026-0513 Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)

Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application...

4.7CVSS6.4AI score0.00171EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/11 2:9 a.m.4 views

CVE-2025-42914

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiali...

3.1CVSS6.7AI score0.00188EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36545

Name of the Vulnerable Software and Affected Versions: SAP HCM My Timesheet Fiori 2.0 application affected versions not specified Description: The SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of...

6.5CVSS6.3AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.3 views

PT-2025-36547

Name of the Vulnerable Software and Affected Versions: SAP HCM My Timesheet Fiori 2.0 application affected versions not specified Description: The SAP HCM My Timesheet Fiori 2.0 application is susceptible to a privilege escalation issue stemming from missing authorization checks. An authenticated...

3.1CVSS6.1AI score0.00188EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/08/14 2:24 a.m.18 views

CVE-2025-42955

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of...

3.5CVSS7.1AI score0.00401EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/12 2:9 a.m.9 views

CVE-2025-42955 Missing authorization check in SAP Cloud Connector

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of...

3.5CVSS0.00401EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.4 views

PT-2025-32612 · Sap · Sap Cloud Connector

Name of the Vulnerable Software and Affected Versions: SAP Cloud Connector affected versions not specified Description: A missing authorization check in SAP Cloud Connector allows an attacker on an adjacent network with low privileges to send a crafted request to the endpoint responsible for...

3.5CVSS6.8AI score0.00401EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/04/08 7:15 a.m.23 views

CVE-2025-31333 Odata meta-data tampering in SAP S4CORE entity

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted...

4.3CVSS0.00268EPSS
Exploits0References2
OSV
OSV
added 2024/10/08 4:15 a.m.8 views

CVE-2024-45282

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/11/08 3:48 p.m.4 views

python: TLS handshake bypass

Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are...

5.3CVSS6.8AI score0.0079EPSS
Exploits0References7
Rows per page
Query Builder