Lucene search
K

228 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:45 p.m.6 views

CVE-2020-6273

SAP S/4 HANA Fiori UI for General Ledger Accounting, versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check...

4.3CVSS6.8AI score0.0056EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.8 views

CVE-2020-6258

SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check...

6.5CVSS6.3AI score0.0068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.6 views

CVE-2020-6259

Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check...

6.5CVSS6.6AI score0.00774EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.6 views

CVE-2020-6233

SAP S/4 HANA Financial Products Subledger and Banking Services, versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system...

4.3CVSS6.7AI score0.00742EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.10 views

CVE-2020-6199

The view FIMENAVCOMPCERT in SAP ERP MENA Certificate Management, EAPPGLO version 607, SAPFIN versions- 618, 730 and SAP S/4HANA MENA Certificate Management, S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization grou...

5.5CVSS6.9AI score0.00334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:38 p.m.10 views

CVE-2020-6270

SAP NetWeaver AS ABAP Banking Services, versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...

6.5CVSS6.8AI score0.00804EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:57 a.m.15 views

CVE-2019-0367

SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...

4.3CVSS6.8AI score0.0055EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.4 views

WordPress plugin JNews 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS6.3AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.3 views

WordPress plugin Car Park Booking System 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3CVSS6AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/13 12:20 a.m.8 views

CVE-2025-43011 Missing Authorization Check in SAP Landscape Transformation (PCL Basis)

Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availabili...

7.7CVSS7.4AI score0.00321EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/13 12:19 a.m.7 views

CVE-2025-43007 Missing Authorization check in SAP Service Parts Management (SPM)

SAP Service Parts Management SPM does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application...

6.3CVSS6.5AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.6 views

PT-2025-20814 · Sap · Sap S4Core

Name of the Vulnerable Software and Affected Versions: SAP S4CORE affected versions not specified Description: The issue allows an authenticated attacker to access restricted information due to a missing authorization check in the OData meta-data property. This could cause a low impact on...

4.3CVSS5.8AI score0.00255EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/04/10 8:24 a.m.24 views

CVE-2025-27437

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further...

4.3CVSS6.7AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/08 7:15 a.m.5 views

CVE-2025-30017 Missing Authorization check in SAP Solution Manager

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...

4.4CVSS7AI score0.0014EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/08 7:15 a.m.16 views

CVE-2025-30017 Missing Authorization check in SAP Solution Manager

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...

4.4CVSS0.0014EPSS
Exploits0References2
CVE
CVE
added 2025/04/08 7:15 a.m.58 views

CVE-2025-30017

CVE-2025-30017 affects SAP Solution Manager 7.1. The issue is a missing authorization check that could let an authenticated attacker upload a file as a template for solution documentation, with limited impact on the application’s integrity and availability. Remediation is via SAP security patches...

4.4CVSS7AI score0.0014EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/11 12:37 a.m.15 views

CVE-2025-26661 Missing Authorization check in SAP NetWeaver (ABAP Class Builder)

Due to missing authorization check, SAP NetWeaver ABAP Class Builder allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high...

8.8CVSS0.00398EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/11 12:34 a.m.5 views

CVE-2025-25244 Missing Authorization Check in SAP Business Warehouse (Process Chains)

SAP Business Warehouse Process Chains allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data...

5.7CVSS7.1AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/11 12:32 a.m.10 views

CVE-2025-23188 Missing Authorization check in SAP S/4HANA (RBD)

An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability...

4.3CVSS0.00225EPSS
Exploits0References2
OSV
OSV
added 2025/02/21 11:53 p.m.1 views

GHSA-3HFJ-QCVJ-4HX8 Leantime has Missing Authorization Check for Host Parameter

Finding Description Application has functionality for a user to view profile information. It does not have an implemented authorization check for "Host" parameter which allows a user to view profile information of another user by replacing "Host" parameter. Impact By exploiting this vulnerability...

2.3CVSS6.7AI score
Exploits0References2
Rows per page
Query Builder