26 matches found
CVE-2026-27677
The CVE affects SAP S/4HANA OData Service (Manage Reference Equipment). Missing authorization checks allow an attacker to update and delete child entities via OData, leading to integrity impact with no confidentiality or availability effects. Reported under CVSS 3.1: Network vector, Low attack co...
CVE-2026-27676 Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)
Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...
PT-2026-32559
Due to missing authorization checks in the SAP S/4HANA frontend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...
SAP S/4HANA Defense & Security Security Vulnerability
SAP S/4HANA Defense & Security is a resource planning system developed by German company SAP for the defense department or armed forces. There is a security vulnerability in SAP S/4HANA Defense & Security, which stems from the lack of authorization checks. This vulnerability may lead to direct...
CVE-2026-0513
Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site. This causes low impact on integrity of the application...
CVE-2025-42939
SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering with the request parameter. Due to a missing authorization check, the attacker can delete shared rule conditions that should...
EUVD-2021-8739
Malicious code in bioql PyPI...
CVE-2025-42913
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiali...
CVE-2021-21465
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...
PT-2024-29905 · SAP · SAP RFC Function Module
Name of the Vulnerable Software and Affected Versions: SAP RFC function module (affected versions not specified). Description: The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This issue could be utilized to identify usernames and access...
CVE-2024-37176
SAP BW/4HANA Transformation and Data Transfer Process DTP allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...
CVE-2023-35870
When creating a journal entry template in SAP S/4HANA Manage Journal Entry Template - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP Germany. SAP 3D Visual Enterprise Viewer version 9.0 is vulnerable to an input validation error that could be exploited to crash the application and temporarily disable users until the application is restarted. The application can be...
PT-2022-15512 · SAP · S/4HANA
Name of the Vulnerable Software and Affected Versions: S/4HANA (affected versions not specified). Description: The issue concerns the exposure of private address and bank details of an Employee Business Partner with Supplier Role through the S/4HANA Supplier Factsheet, as well as the exposure of...
SQL injection
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...
CVE-2021-21465
CVE-2021-21465 affects SAP BW Database Interface. The vulnerability arises from improper sanitization of untrusted data, allowing an attacker with low privileges to craft SQL queries that the backend database will execute, potentially fully compromising the SAP system. Connected sources corrobora...
CVE-2018-2437
The SAP Internet Graphics Service IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification...
SAP SapLPD Denial of Service Vulnerability
SAP SapLPD is the graphical user interface that SAP users use to access the SAP system. A security vulnerability exists in SAP SapLPD that allows remote attackers to conduct denial-of-service attacks by submitting special requests to TCP port 515...