14 matches found
CVE-2026-23688
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted...
CVE-2026-23688 Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted...
CVE-2026-0511
The CVE-2026-0511 issue affects SAP Fiori App Intercompany Balance Reconciliation. The vulnerability is due to missing authorization checks for an authenticated user, enabling privilege escalation. Impact is high on confidentiality and integrity; availability is not affected. The issue is corrobo...
CVE-2026-0496 Multiple vulnerabilities in SAP Fiori App (Intercompany Balance Reconciliation)
SAP Fiori App Intercompany Balance Reconciliation allows an attacker with high privileges to upload any file including script files without proper file format validation. This has low impact on confidentiality, integrity and availability of the application...
CVE-2026-0495
CVE-2026-0495 affects SAP Fiori App Intercompany Balance Reconciliation. A high-privilege attacker can cause the application to send uploaded files to arbitrary email addresses, enabling phishing campaigns. Impact on confidentiality, integrity and availability is described as low. The provided do...
CVE-2026-0493 Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (Intercompany Balance Reconciliation)
Due to a Cross-Site Request Forgery CSRF vulnerability in SAP Fiori App Intercompany Balance Reconciliation an attacker could execute state?changing actions using an inappropriate request type, this deviation from expected request semantics may allow an attacker to trigger unintended actions on...
CVE-2026-0493
CVE-2026-0493 describes a Cross-Site Request Forgery in the SAP Fiori App Intercompany Balance Reconciliation. The issue could allow an attacker to trigger state-changing actions on behalf of an authenticated user by using an inappropriate request type, with low impact on integrity and no impact ...
PT-2026-2343
Name of the Vulnerable Software and Affected Versions SAP Fiori App Intercompany Balance Reconciliation affected versions not specified Description The SAP Fiori App Intercompany Balance Reconciliation does not implement proper authorization checks for authenticated users, potentially allowing fo...
PT-2026-2332
Name of the Vulnerable Software and Affected Versions SAP Fiori App Intercompany Balance Reconciliation affected versions not specified Description The application allows an attacker with high privileges to upload any file, including script files, without proper file format validation. This has a...
EUVD-2024-22959
Malicious code in bioql PyPI...
CVE-2025-42923 Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups)
Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application...
CVE-2025-42923
CVE-2025-42923 is a cross-site request forgery (CSRF) vulnerability in SAP Fiori App Manage Work Center Groups. An authenticated user could be tricked into sending unintended requests to the web server. The CVSS 3.1 vector indicates Network attack, Low attack complexity, Privileges Required: Low,...
CVE-2024-25643
The SAP Fiori app My Overtime Request - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to...
Authorization
The SAP Fiori app My Overtime Request - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to...