7 matches found
The vulnerability of the “Manage Bank Statements” component of the SAP S/4HANA software platform allows a perpetrator to influence the integrity of the protected information.
The vulnerability of the “Manage Bank Statements” component of the SAP S/4HANA software platform involves bypassing authentication using a key controlled by the user. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the integrity of the protected informatio...
CVE-2025-27436 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on...
CVE-2025-27433 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
The Manage Bank Statements in SAP S/4HANA allows authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and...
CVE-2024-45282
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...
CVE-2024-45282
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...
CVE-2024-45282
CVE-2024-45282 affects SAP S/4HANA, specifically the Manage Bank Statements component and its Bank Statement Draft. Fields in the read-only state can be modified via the MERGE method, leading to integrity violations in an OData entity. Root cause: lack of protection against external modifications...
CVE-2024-45282 HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...