13 matches found
CVE-2026-40133
Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the...
CVE-2026-27673 Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)
Due to a missing authorization check, SAP S/4HANA Private Cloud and On-Premise allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the...
SAP S/4HANA OData Service 安全漏洞
The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service Manage Reference Equipment, which stems from the lack of authorization checks. This...
CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...
PT-2026-2334
Name of the Vulnerable Software and Affected Versions SAP S/4HANA Private Cloud and On-Premise affected versions not specified Description The software contains a flaw in a function module exposed via Remote Function Call RFC. An attacker with administrative privileges can exploit this to inject...
CVE-2020-6184
Under certain conditions, ABAP Online Community in SAP NetWeaver SAPBASIS version 7.40 and SAP S/4HANA SAPBASIS versions 7.50, 7.51, 7.52, 7.53, 7.54, does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting XSS vulnerability...
SAP S/4HANA Security Vulnerabilities
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. A security vulnerability exists in SAP S/4HANA that stems from a failure to perform the required authorization checks for authenticated users, which could result in privile...
SAP S/4 HANA 安全漏洞
SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP, a German company. A security vulnerability exists in SAP S/4 HANA that stems from not performing the required authorization checks on authenticated users, which can lead to privilege escalation...
CVE-2023-41368
The OData service of the S4 HANA Manage checkbook apps - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call...
SAP S/4 HANA 安全漏洞
SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP, Germany. A security vulnerability exists in SAP S/4 HANA Map Treasury Correspondence Format Data, which stems from a lack of authorization checks for users. An attacker could exploit the vulnerability to eleva...
CVE-2022-32248
Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data...
SAP S/4HANA 安全漏洞
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP Germany. SAP S/4HANA is vulnerable to an authorization issue that stems from the application business partner extension component not performing the required authorization checks for...
CVE-2022-22530
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being...