Lucene search
+L

29 matches found

redhatcve
redhatcve
added 2026/06/05 7:18 p.m.12 views

CVE-2026-27681

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

9.9CVSS6.2AI score0.00501EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:26 a.m.9 views

CVE-2023-31407

SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...

5.4CVSS6.4AI score0.00345EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-27518

Malware in sbrugna...

5.4CVSS6AI score0.0061EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-35718

Malicious code in bioql PyPI...

5.4CVSS5.6AI score0.00345EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-27934

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00345EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-44477

Malicious code in bioql PyPI...

8.5CVSS6.6AI score0.00573EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27199

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00296EPSS
Exploits0References2
nvd
nvd
added 2025/09/09 2:15 a.m.4 views

CVE-2025-42930

SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there...

6.5CVSS0.00296EPSS
Exploits0References2
cvelist
cvelist
added 2025/09/09 2:11 a.m.11 views

CVE-2025-42930 Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation

SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there...

6.5CVSS0.00296EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/09/09 2:11 a.m.2 views

CVE-2025-42930 Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation

SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there...

6.5CVSS6AI score0.00296EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/02/05 11:49 p.m.13 views

CVE-2022-41268

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAPBW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized...

8.5CVSS7.2AI score0.00573EPSS
Exploits0References1
nvd
nvd
added 2023/05/09 2:15 a.m.19 views

CVE-2023-31407

SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...

5.4CVSS5.3AI score0.00345EPSS
Exploits0References2
prion
prion
added 2023/05/09 2:15 a.m.14 views

Cross site scripting

SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...

4.9CVSS5.3AI score0.00345EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/05/09 1:37 a.m.8 views

CVE-2023-31407 Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...

5.4CVSS5.4AI score0.00345EPSS
Exploits0References2
cvelist
cvelist
added 2023/05/09 1:37 a.m.25 views

CVE-2023-31407 Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...

5.4CVSS5.6AI score0.00345EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/05/09 12:0 a.m.6 views

PT-2023-23301 · Sap · Sap Business Planning/Consolidation

Name of the Vulnerable Software and Affected Versions: SAP Business Planning and Consolidation versions 740, 750 Description: The issue allows an authorized attacker to upload a malicious file, resulting in a Cross-Site Scripting issue. After successful exploitation, an attacker can cause limited...

5.4CVSS5.3AI score0.00345EPSS
Exploits0References4
osv
osv
added 2023/02/14 4:15 a.m.4 views

CVE-2023-23851

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files including web pages without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the...

5.4CVSS6.1AI score0.00345EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/02/14 3:11 a.m.8 views

CVE-2023-23851

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files including web pages without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the...

5.4CVSS6.9AI score0.00345EPSS
Exploits0References2
cvelist
cvelist
added 2023/02/14 3:11 a.m.35 views

CVE-2023-23851

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files including web pages without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the...

5.4CVSS5.8AI score0.00345EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/02/14 12:0 a.m.6 views

PT-2023-19252 · Sap · Sap Business Planning/Consolidation

Name of the Vulnerable Software and Affected Versions: SAP Business Planning and Consolidation versions 200, 300 Description: The issue allows an attacker with business authorization to upload any files, including web pages, without proper file format validation. If other users visit the uploaded...

5.4CVSS5.5AI score0.00345EPSS
Exploits0References5
Rows per page
Query Builder