17 matches found
CVE-2026-44744
SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...
CVE-2026-44744
Affected software : SAP S/4HANA On-Premise. Vulnerability : SQL injection in a remote-enabled function module component. Root cause / what’s vulnerable : An authenticated attacker could influence SQL queries via the affected function module, potentially enabling unauthorized database queries. Imp...
CVE-2026-40133
SAP S/4HANA Condition Maintenance is affected by a missing authorization check, enabling an authenticated attacker to view and modify condition table records. The impact is described as low for confidentiality, integrity, and availability. The CVE entries (CVE-2026-40133) reference SAP S/4HANA Co...
CVE-2026-27678
CVE-2026-27678 affects SAP S/4HANA backend OData Service (Manage Reference Structures); missing authorization checks allow updating and deleting child entities via exposed OData. Impact: integrity high; no confidentiality/availability impact. See SAP notes and security patch day for mitigations.
CVE-2025-42924
SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability...
EUVD-2023-39863
Malicious code in bioql PyPI...
CVE-2025-42957 Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...
CVE-2025-42991 Missing Authorization check in SAP S/4HANA (Bank Account Application)
SAP S/4HANA Bank Account Application does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of the data or the...
CVE-2025-42991
SAP S/4HANA Bank Account Application is affected by a Missing Authorization check vulnerability. An authenticated "+approver" user can delete attachments from another user’s bank account application, causing low integrity impact (no confidentiality or availability impact). Root cause identified a...
CVE-2019-0386
Order processing in SAP ERP Sales corrected in SAPAPPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and S4HANA Sales corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04 does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges...
CVE-2025-43002
CVE-2025-43002 affects SAP S4CORE via the OData meta-data property. The root cause is a missing authorization check, allowing an authenticated attacker to access restricted information. Impact is described as low confidentiality impact with no reported effects on integrity or availability; CVSS 3...
CVE-2025-27429 Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...
CVE-2025-27436 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on...
PT-2024-30962 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4 HANA affected versions not specified Description: The issue allows an attacker with basic privileges to access restricted information under certain conditions in Statutory Reports. This could expose internal user data that should rema...
SAP S/4HANA Information Disclosure Vulnerability
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An information disclosure vulnerability exists in SAP S/4HANA that stems from a vulnerable file storage location that could allow a low-privileged attacker to read server...
CVE-2023-41369
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow do...
PT-2023-19672 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4 HANA affected versions not specified Description: The issue is related to the SAP S/4 HANA Map Treasury Correspondence Format Data, which does not perform necessary authorization checks for authenticated users. This results in an...