CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVE-2026-27679

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

EUVD-2026-22149

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

CVE-2026-27676

CVE-2026-27676 affects SAP S/4HANA’s OData Service (Manage Technical Object Structures). The vulnerability arises from missing authorization checks, enabling an attacker to update and delete child entities via exposed OData endpoints. Impact is described as low for integrity, with no impact on co...

EUVD-2026-22148

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

SAP S/4HANA OData Service 安全漏洞

The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service Manage Reference Equipment, which stems from the lack of authorization checks. This...

SAP S/4HANA OData Service 安全漏洞

The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service. This vulnerability stems from the lack of authorization checks, which may lead to...

Malicious code in @f5rest/odata-v4-service-metadata (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3183cb83976cbb4d5011bae853bc65c285e5204ca17b1435d5ce6801dcfd9e2a The package @f5rest/odata-v4-service-metadata was found to contain malicious code...

CVE-2023-29111

The SAP AIF ODATA service - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application...

CVE-2021-27609

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization...

EUVD-2021-14356

Malware in sbrugna...

EUVD-2023-45871

Malicious code in bioql PyPI...

EUVD-2023-32714

Malicious code in bioql PyPI...

EUVD-2025-7700

Malicious code in bioql PyPI...

CVE-2023-41368

The OData service of the S4 HANA Manage checkbook apps - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call...

SAP Just In Time Elevation of Privilege Vulnerability

SAP Just In Time is an application from SAP Germany designed to enable efficient demand-driven production and logistics throughout the supply chain. An elevation of privilege vulnerability exists in SAP Just In Time, which stems from the OData service not performing the necessary privilege checks...

CVE-2025-26656

OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application...

CVE-2025-26656

OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application...