9 matches found
CVE-2026-27687
CVE-2026-27687: A missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal allows a user with high privileges to access another company’s sensitive data. Root cause: lack of authorization validation. Impact: High confidentiality impact; no reported integrity or availabilit...
EUVD-2019-1098
Malware in sbrugna...
SAP ERP HCM and SAP S/4HANA Authorization Issues Vulnerability
SAP ERP HCM and SAP S/4HANA are both products of SAP. SAP ERP HCM is an enterprise human resource management solution, and SAP S/4HANA is enterprise resource management software based on the SAP HANA in-memory database system. SAP ERP HCM and SAP S/4HANA have an authorization issue vulnerability that stems fro...
CVE-2022-22535
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause...
CVE-2019-0325
SAP ERP HCM SAPHRCES, version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this, under certain conditions, a user who once had authorization to payroll data of an employee, which was later revoked, may retain...
CVE-2019-0325
CVE-2019-0325 affects SAP ERP HCM (SAP_HRCES) v3.0. The vulnerability arises from missing authorization checks on a payroll-data report, allowing a user who once had payroll data access to retain access after revocation under certain conditions. Impact stated: potential unauthorized reading of pa...
SAP ERP HCM CVE-2019-0325 Remote Authorization Bypass Vulnerability
Description: SAP ERP HCM Basis is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Technologies Affected: SAP ERP HCM 3.0. Recommendations: Block external access at the netwo...
Cross-site request forgery (CSRF)
The SAP Fiori 1.0 for SAP ERP HCM Approve Leave Request, version 2, application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection...
CVE-2018-2474
The SAP Fiori 1.0 for SAP ERP HCM Approve Leave Request, version 2, application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection...