
231 matches found

EUVD
added 2026/05/12 3:31 a.m. | 7 views

EUVD-2026-29363

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

CVSS 4.3 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 3

NVD
added 2026/05/12 3:16 a.m. | 7 views

CVE-2026-40134

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

CVSS 4.3 | EPSS 0.0001
Exploits 0 | References 2

NVD
added 2026/05/12 3:16 a.m. | 4 views

CVE-2026-34259

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

CVSS 8.2 | EPSS 0.00013
Exploits 0 | References 2

Vulnrichment
added 2026/05/12 2:21 a.m. | 4 views

CVE-2026-40134 Missing Authorization Check in SAP Incentive and Commission Management

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

CVSS 4.3 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 2

Cvelist
added 2026/05/12 2:20 a.m. | 33 views

CVE-2026-34259 OS Command Injection Vulnerability in SAP Forecasting & Replenishment

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modif...

CVSS 8.2 | EPSS 0.00013
Exploits 0 | References 2

CVE
added 2026/05/12 2:20 a.m. | 8 views

CVE-2026-34259

SAP Forecasting & Replenishment contains an OS Command Execution vulnerability. An authenticated user with administrative privileges can abuse a non-remote-enabled function to execute arbitrary operating system commands, potentially reading/modifying any system data or shutting down the system, c...

CVSS 8.2 | AI score 6.1 | EPSS 0.00013
Exploits 0 | References 2

Positive Technologies
added 2026/05/12 12:0 a.m. | 5 views

PT-2026-39927

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

CVSS 4.3 | AI score 5.8 | EPSS 0.0001
Exploits 0 | References 3

Positive Technologies
added 2026/05/12 12:0 a.m. | 4 views

PT-2026-39920

Name of the Vulnerable Software and Affected Versions: SAP Forecasting & Replenishment (affected versions not specified). Description: An OS Command Execution issue exists where an authenticated attacker with administrative authorizations can abuse a non-remote-enabled function to execute arbitrary...

CVSS 8.2 | AI score 6 | EPSS 0.00013
Exploits 0 | References 6

NVD
added 2026/04/14 12:16 a.m. | 0 views

CVE-2026-27675

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

CVSS 2 | EPSS 0.00033
Exploits 0 | References 2

EUVD
added 2026/04/14 12:8 a.m. | 2 views

EUVD-2026-22170

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

CVSS 6.5 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 2

CVE
added 2026/04/14 12:8 a.m. | 4 views

CVE-2026-34261

CVE-2026-34261 affects SAP Business Analytics and SAP Content Management. Root cause: missing authorization check enables an authenticated user to call certain remote function modules beyond their permissions. Impact: confidentiality is affected; no noted impact to integrity or availability. Expl...

CVSS 6.5 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 2

Vulnrichment
added 2026/04/14 12:8 a.m. | 2 views

CVE-2026-34261 Missing Authorization check in SAP Business Analytics and SAP Content Management

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

CVSS 6.5 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 2

ATTACKERKB
added 2026/04/14 12:8 a.m. | 0 views

CVE-2026-34261

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

CVSS 6.5 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 3 | Affected Software 1

CVE
added 2026/04/14 12:7 a.m. | 5 views

CVE-2026-27675

CVE-2026-27675 affects SAP Landscape Transformation via an RFC-exposed function module that could allow a high-privilege attacker to inject arbitrary ABAP code and operating-system commands. The described impact is limited: confidentiality and availability are unaffected, while integrity could be...

CVSS 2 | AI score 6 | EPSS 0.00033
Exploits 0 | References 2

Vulnrichment
added 2026/04/14 12:7 a.m. | 0 views

CVE-2026-27675 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

CVSS 2 | AI score 6 | EPSS 0.00033
Exploits 0 | References 2

Cvelist
added 2026/04/14 12:7 a.m. | 24 views

CVE-2026-27675 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

CVSS 2 | EPSS 0.00033
Exploits 0 | References 2

Positive Technologies
added 2026/04/14 12:0 a.m. | 1 view

PT-2026-32555

SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or...

CVSS 2 | AI score 6 | EPSS 0.00033
Exploits 0 | References 3

CNNVD
added 2026/04/14 12:0 a.m. | 5 views

SAP Business Analytics and SAP Content Management Security Vulnerability

SAP Business Analytics and SAP Content Management are both products of the German company SAP. SAP Business Analytics is a suite of enterprise data analysis and business intelligence solutions. SAP Content Management is an enterprise content storage and document management system. Both SAP Busine...

CVSS 6.5 | AI score 5.9 | EPSS 0.0003
Exploits 0 | References 2

RedhatCVE
added 2026/03/11 7:8 a.m. | 1 view

CVE-2026-27688

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

CVSS 5 | AI score 5.9 | EPSS 0.00037
Exploits 0 | References 1

RedhatCVE
added 2026/03/11 7:8 a.m. | 0 views

CVE-2026-27689

Due to an uncontrolled resource consumption Denial of Service vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution th...

CVSS 7.7 | AI score 5.9 | EPSS 0.00098
Exploits 0 | References 1