7 matches found
CVE-2021-40501
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker...
SAP ABAP Platform 安全漏洞
SAP ABAP Platform is an ABAP-based SAP solution from SAP. SAP ABAP Platform has an authorization issue vulnerability that stems from a lack of authorization checks. An attacker with a business user account in SAP ABAP Platform could exploit the vulnerability to change the privacy settings of a jo...
PT-2024-22121 · Sap · Sap Abap Platform
Name of the Vulnerable Software and Affected Versions: SAP ABAP Platform versions 758, 795 Description: The issue is due to a missing authorization check, allowing an attacker with a business user account to change the privacy setting of job templates from shared to private, making the selected...
PT-2023-28366 · Sap · Sap Commerce Cloud
Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud versions HY COM 1905 through HY COM 2205, COM CLOUD 2211 Description: A locked B2B user can misuse the forgotten password functionality to un-block their user account again and re-gain access if SAP Commerce Cloud -...
CVE-2021-40501
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker...
CVE-2020-6299
SAP NetWeaver ABAP Server and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure...
Information disclosure
SAP NetWeaver ABAP Server and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure...