CVE-2023-28763

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the...

CVE-2023-31407

SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application...

SAP NetWeaver Application Server 资源管理错误漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A resource management error vulnerability exists in SAP NetWeaver Application Server, which stems from the presence of an error handling class, and can be exploited by an attacker to consume the server's resources to mak...

Design/Logic Flaw

In SAP Solution Manager Enterprise Search - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impa...

SAP Fiori Launchpad Cross-Site Scripting Vulnerability

SAP Fiori is SAP's user experience UX design system for SAP applications, which provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, providing a consistent, innovative experience for creators and users.SAP Fiori Launchpad is the SA...

SAP Fiori Launchpad Server-Side Request Forgery Vulnerability

SAP Fiori is SAP's user experience UX design system for SAP applications, which provides designers and developers with a set of tools and guidelines to quickly develop applications for any platform, providing a consistent, innovative experience for creators and users.SAP Fiori Launchpad is the SA...

CVE-2020-26815

SAP Fiori Launchpad News tile Application, versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external...

Server side request forgery (ssrf)

SAP Fiori Launchpad News tile Application, versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external...