12 matches found
CVE-2021-27605
SAP's HCM Travel Management Fiori Apps V2, version 608, does not perform a proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last...
EUVD-2023-44898
Malicious code in bioql PyPI...
CVE-2025-25241
CVE-2025-25241 affects SAP Fiori Apps Reference Library (My Overtime Requests). The root cause is a missing authorization check, permitting a logged-in attacker to view or delete My Overtime Requests and potentially access employee information. The described impact is low for confidentiality and ...
CVE-2023-40306
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity...
Input validation
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity...
CVE-2023-40306 URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity...
CVE-2023-40306
CVE-2023-40306 affects SAP S/4HANA Manage Catalog Items and Cross-Catalog searches in the Fiori apps. The root cause is insufficient URL validation, enabling an open-redirect where an attacker can redirect users to a malicious site. The vulnerability is rated CVSS v3.1 Base Score 6.1 (Medium) wit...
PT-2023-4944 · SAP · SAP S/4HANA
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA (affected versions not specified)
Description: The issue is related to insufficient URL validation in the Manage Catalog Items and Cross-Catalog searches Fiori apps, allowing an attacker to redirect users to a malicious site. This m...
CVE-2023-24528
SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests), version 600, allow an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of...
PT-2023-19676 · SAP · SAP Fiori Apps for Travel Management +1
Name of the Vulnerable Software and Affected Versions: SAP Fiori apps for Travel Management in SAP ERP My Travel Requests version 600
Description: The issue allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally...
CVE-2021-27605
SAP's HCM Travel Management Fiori Apps V2, version 608, does not perform a proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last...
CVE-2021-27605
Summary: CVE-2021-27605 affects SAP HCM Travel Management Fiori Apps V2 (608). The issue is an improper authorization check that permits an authenticated but unauthorized user to read personnel numbers, enabling privilege escalation. The attacker can access limited personnel data (last name, firs...