CVE-2021-27605

SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last...

EUVD-2018-14316

Malware in sbrugna...

EUVD-2023-24092

Malicious code in bioql PyPI...

EUVD-2023-53530

Malicious code in bioql PyPI...

CVE-2025-42914

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiali...

CVE-2025-42917

SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected...

CVE-2025-42914

CVE-2025-42914 affects the SAP HCM My Timesheet Fiori 2.0 application. The root cause is missing authorization checks, enabling an authenticated attacker with in-depth system knowledge to escalate privileges and perform restricted activities. Impact is described as low for integrity; confidential...

CVE-2025-42913

CVE-2025-42913 affects SAP HCM My Timesheet Fiori 2.0. The issue is missing authorization checks allowing an authenticated attacker with in-depth system knowledge to escalate privileges and perform restricted activities, with low impact to integrity; confidentiality and availability are unaffecte...

CVE-2025-42912 Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)

SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected...

SAP HCM My Timesheet Fiori 安全漏洞

SAP HCM My Timesheet Fiori is a timesheet application from SAP, Germany. A security vulnerability exists in SAP HCM My Timesheet Fiori 2.0 that stems from a lack of authorization checking and could lead to elevated privileges...

CVE-2023-49577

The SAP HCM SMART PAYE solution - versions S4HCMCIE 100, SAPHRCIE 600, SAPHRCIE 604, SAPHRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and...

CVE-2023-1903

SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...

SAP HCM Approve Timesheets Authorization Issues Vulnerability

SAP HCM Approve Timesheets is a transactional application from SAP, Germany. An authorization issue vulnerability exists in SAP HCM Approve Timesheets version 4, which stems from a failure to perform the required authorization checks on authenticated users and can be exploited by an attacker to...

CVE-2024-47581

SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted...

CVE-2024-47581 Missing Authorization check in SAP HCM (Approve Timesheets version 4)

SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted...

CVE-2024-47581

SAP HCM Approve Timesheets Version 4 contains a missing authorization check for an authenticated user, enabling escalation of privileges. The issue affects the application’s integrity at a low level; confidentiality and availability are not impacted. CVSSv3.1 base score shown as 4.3 (Medium) with...

CVE-2024-47581 Missing Authorization check in SAP HCM (Approve Timesheets version 4)

SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted...

CVE-2023-49577

The SAP HCM SMART PAYE solution - versions S4HCMCIE 100, SAPHRCIE 600, SAPHRCIE 604, SAPHRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and...

CVE-2023-1903

SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...

Authorization

SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...