Lucene search
+L

37 matches found

redhatcve
redhatcve
added 2026/06/05 7:38 p.m.11 views

CVE-2026-34264

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information...

6.5CVSS5.4AI score0.00269EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:33 p.m.9 views

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.5AI score0.00181EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/14 12:9 a.m.3 views

CVE-2026-34264 Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References2
euvd
euvd
added 2026/04/14 12:8 a.m.10 views

EUVD-2026-22166

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/14 12:7 a.m.3 views

CVE-2026-27679 Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)

Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
cve
cve
added 2026/04/14 12:6 a.m.16 views

CVE-2026-27673

CVE-2026-27673 describes a missing authorization check in SAP S/4HANA (Private Cloud and On-Premise) that allows an authenticated user to delete files on the operating system and perform unauthorized file operations. The underlying impact reported is: Confidentiality – None, Integrity – Low, Avai...

4.9CVSS5.8AI score0.00158EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/14 12:6 a.m.30 views

CVE-2026-27673 Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

4.9CVSS0.00158EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/14 12:0 a.m.7 views

SAP S/4HANA 安全漏洞

SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. There is a security vulnerability in SAP S/4HANA, which stems from the lack of authorization checks. This vulnerability may lead to the deletion of operating...

4.9CVSS5.8AI score0.00158EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/14 12:0 a.m.6 views

PT-2026-32556

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/04/14 12:0 a.m.10 views

PT-2026-32553

Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...

4.9CVSS5.8AI score0.00158EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/03/11 7:8 a.m.6 views

CVE-2026-27687

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

5.8CVSS5.8AI score0.00262EPSS
Exploits0References1
euvd
euvd
added 2026/02/24 5:23 a.m.10 views

EUVD-2026-7386

Under certain conditions SAP S/4HANA Manage Payment Media allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted...

4.3CVSS5.4AI score0.00196EPSS
Exploits0References2
nessus
nessus
added 2026/02/13 12:0 a.m.4 views

SAP NetWeaver AS ABAP and S/4HANA Missing Authorization Check (3672622)

The version of SAP NetWeaver Application Server ABAP and SAP S/4HANA detected on the remote host is affected by a missing authorization check vulnerability as disclosed in the SAP Security Patch Day February 2026: - SAP NetWeaver Application Server ABAP and SAP S/4HANA is affected by a missing...

6.5CVSS5.7AI score0.0027EPSS
Exploits0References2
nvd
nvd
added 2026/02/10 4:16 a.m.6 views

CVE-2026-0484

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the...

6.5CVSS0.0027EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/02/10 3:0 a.m.4 views

CVE-2026-0484 Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the...

6.5CVSS5.6AI score0.0027EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/02/10 12:0 a.m.6 views

SAP S/4HANA和SAP NetWeaver Application Server ABAP 输入验证错误漏洞

SAP S/4HANA and SAP NetWeaver Application Server ABAP are both products of the German company SAP. SAP S/4HANA is an enterprise resource management software based on the SAP HANA memory database system. SAP NetWeaver Application Server ABAP is a platform for running and developing applications...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/02/09 12:0 a.m.17 views

PT-2026-7203

Name of the Vulnerable Software and Affected Versions SAP CRM and SAP S/4HANA affected versions not specified Description An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor can exploit a flaw in a generic function module call and execute unauthorized critical functionalities...

9.9CVSS6.3AI score0.0049EPSS
Exploits0References18
ncsc
ncsc
added 2025/12/12 9:29 a.m.12 views

Vulnerabilities fixed in SAP Software

SAP has fixed multiple vulnerabilities in several products, including SAP Solution Manager, SAP jConnect, SAP Web Dispatcher, SAP NetWeaver, SAP S/4 HANA Private Cloud, and SAP BusinessObjects. The vulnerabilities include code injection, deserialization, and insufficient input validation, which c...

9.9CVSS7.4AI score0.64718EPSS
Exploits1References1
euvd
euvd
added 2025/12/09 6:30 p.m.6 views

EUVD-2025-201851

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud Financials General Ledger, an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could...

7.1CVSS6AI score0.00265EPSS
Exploits0References3
nvd
nvd
added 2025/10/14 1:15 a.m.5 views

CVE-2025-42909

SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and availability is not...

3CVSS0.00226EPSS
Exploits0References2
Rows per page
Query Builder