29 matches found
CVE-2026-27681
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...
CVE-2023-31407
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...
EUVD-2020-27518
Malware in sbrugna...
EUVD-2023-35718
Malicious code in bioql PyPI...
EUVD-2023-27934
Malicious code in bioql PyPI...
EUVD-2022-44477
Malicious code in bioql PyPI...
EUVD-2025-27199
Malicious code in bioql PyPI...
CVE-2025-42930
SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there...
CVE-2025-42930 Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation
SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there...
CVE-2025-42930 Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation
SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that causes a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there...
CVE-2022-41268
In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAPBW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized...
CVE-2023-31407
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...
Cross site scripting
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...
CVE-2023-31407 Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...
CVE-2023-31407 Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...
PT-2023-23301 · Sap · Sap Business Planning/Consolidation
Name of the Vulnerable Software and Affected Versions: SAP Business Planning and Consolidation versions 740, 750 Description: The issue allows an authorized attacker to upload a malicious file, resulting in a Cross-Site Scripting issue. After successful exploitation, an attacker can cause limited...
CVE-2023-23851
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files including web pages without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the...
CVE-2023-23851
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files including web pages without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the...
CVE-2023-23851
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files including web pages without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the...
PT-2023-19252 · Sap · Sap Business Planning/Consolidation
Name of the Vulnerable Software and Affected Versions: SAP Business Planning and Consolidation versions 200, 300 Description: The issue allows an attacker with business authorization to upload any files, including web pages, without proper file format validation. If other users visit the uploaded...