228 matches found
CVE-2020-6273
SAP S/4 HANA Fiori UI for General Ledger Accounting, versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check...
CVE-2020-6258
SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check...
CVE-2020-6259
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check...
CVE-2020-6233
SAP S/4 HANA Financial Products Subledger and Banking Services, versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system...
CVE-2020-6199
The view FIMENAVCOMPCERT in SAP ERP MENA Certificate Management, EAPPGLO version 607, SAPFIN versions- 618, 730 and SAP S/4HANA MENA Certificate Management, S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization grou...
CVE-2020-6270
SAP NetWeaver AS ABAP Banking Services, versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...
CVE-2019-0367
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
WordPress plugin JNews 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Car Park Booking System 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2025-43011 Missing Authorization Check in SAP Landscape Transformation (PCL Basis)
Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availabili...
CVE-2025-43007 Missing Authorization check in SAP Service Parts Management (SPM)
SAP Service Parts Management SPM does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application...
PT-2025-20814 · Sap · Sap S4Core
Name of the Vulnerable Software and Affected Versions: SAP S4CORE affected versions not specified Description: The issue allows an authenticated attacker to access restricted information due to a missing authorization check in the OData meta-data property. This could cause a low impact on...
CVE-2025-27437
A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further...
CVE-2025-30017 Missing Authorization check in SAP Solution Manager
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...
CVE-2025-30017 Missing Authorization check in SAP Solution Manager
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...
CVE-2025-30017
CVE-2025-30017 affects SAP Solution Manager 7.1. The issue is a missing authorization check that could let an authenticated attacker upload a file as a template for solution documentation, with limited impact on the application’s integrity and availability. Remediation is via SAP security patches...
CVE-2025-26661 Missing Authorization check in SAP NetWeaver (ABAP Class Builder)
Due to missing authorization check, SAP NetWeaver ABAP Class Builder allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high...
CVE-2025-25244 Missing Authorization Check in SAP Business Warehouse (Process Chains)
SAP Business Warehouse Process Chains allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data...
CVE-2025-23188 Missing Authorization check in SAP S/4HANA (RBD)
An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability...
GHSA-3HFJ-QCVJ-4HX8 Leantime has Missing Authorization Check for Host Parameter
Finding Description Application has functionality for a user to view profile information. It does not have an implemented authorization check for "Host" parameter which allows a user to view profile information of another user by replacing "Host" parameter. Impact By exploiting this vulnerability...