Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.9 views

CVE-2026-44744

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:20 a.m.32 views

CVE-2026-44744

Affected software : SAP S/4HANA On-Premise. Vulnerability : SQL injection in a remote-enabled function module component. Root cause / what’s vulnerable : An authenticated attacker could influence SQL queries via the affected function module, potentially enabling unauthorized database queries. Imp...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 2:21 a.m.15 views

CVE-2026-40133

SAP S/4HANA Condition Maintenance is affected by a missing authorization check, enabling an authenticated attacker to view and modify condition table records. The impact is described as low for confidentiality, integrity, and availability. The CVE entries (CVE-2026-40133) reference SAP S/4HANA Co...

6.3CVSS5.8AI score0.00216EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:7 a.m.11 views

CVE-2026-27678

CVE-2026-27678 affects SAP S/4HANA backend OData Service (Manage Reference Structures); missing authorization checks allow updating and deleting child entities via exposed OData. Impact: integrity high; no confidentiality/availability impact. See SAP notes and security patch day for mitigations.

6.5CVSS5.8AI score0.00181EPSS
Exploits0References2
CVE
CVE
added 2026/01/13 1:14 a.m.27 views

CVE-2026-0501

CVE-2026-0501 is a SQL injection vulnerability in SAP S/4HANA Private Cloud and On‑Premise (Financials General Ledger) caused by insufficient input validation. An authenticated user can craft SQL queries to read, modify, and delete data in the backend database, potentially compromising confidenti...

9.9CVSS6.8AI score0.00414EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/12 12:36 a.m.9 views

CVE-2025-42924

SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability...

6.1CVSS6.8AI score0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/14 12:18 a.m.3 views

CVE-2025-42909 Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances

SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and availability is not...

3CVSS6.6AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-1159

Malware in sbrugna...

6.5CVSS6.5AI score0.00737EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-39863

Malicious code in bioql PyPI...

7.3CVSS7.5AI score0.0032EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/12 2:9 a.m.2 views

CVE-2025-42957 Code Injection vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...

9.9CVSS7.5AI score0.01547EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/10 12:12 a.m.15 views

CVE-2025-42991 Missing Authorization check in SAP S/4HANA (Bank Account Application)

SAP S/4HANA Bank Account Application does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of the data or the...

4.3CVSS0.00194EPSS
Exploits0References2
CVE
CVE
added 2025/06/10 12:12 a.m.47 views

CVE-2025-42991

SAP S/4HANA Bank Account Application is affected by a Missing Authorization check vulnerability. An authenticated "+approver" user can delete attachments from another user’s bank account application, causing low integrity impact (no confidentiality or availability impact). Root cause identified a...

4.3CVSS4.5AI score0.00194EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:37 a.m.7 views

CVE-2019-0386

Order processing in SAP ERP Sales corrected in SAPAPPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and S4HANA Sales corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04 does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges...

6.5CVSS7.3AI score0.00737EPSS
Exploits0References1
CVE
CVE
added 2025/05/13 12:18 a.m.45 views

CVE-2025-43002

CVE-2025-43002 affects SAP S4CORE via the OData meta-data property. The root cause is a missing authorization check, allowing an authenticated attacker to access restricted information. Impact is described as low confidentiality impact with no reported effects on integrity or availability; CVSS 3...

4.3CVSS4.5AI score0.00255EPSS
Exploits0References2
NCSC
NCSC
added 2025/04/30 1:12 p.m.11 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP...

10CVSS9.2AI score0.99359EPSS
Exploits31References4
Vulnrichment
Vulnrichment
added 2025/04/08 7:13 a.m.8 views

CVE-2025-27429 Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating...

9.9CVSS9.6AI score0.00748EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/11 12:39 a.m.10 views

CVE-2025-27436 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)

The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on...

4.3CVSS0.00225EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.4 views

PT-2024-30962 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4 HANA affected versions not specified Description: The issue allows an attacker with basic privileges to access restricted information under certain conditions in Statutory Reports. This could expose internal user data that should rema...

4.3CVSS6.8AI score0.00292EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.9 views

PT-2024-29906 · Sap · Sap S/4Hana Eprocurement

Name of the Vulnerable Software and Affected Versions: SAP S/4HANA eProcurement affected versions not specified Description: The issue is due to weak encoding of user-controlled inputs, allowing malicious scripts to be executed in the application. This can potentially lead to a Reflected Cross-Si...

6.1CVSS6AI score0.00242EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.5 views

SAP S/4HANA Information Disclosure Vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An information disclosure vulnerability exists in SAP S/4HANA that stems from a vulnerable file storage location that could allow a low-privileged attacker to read server...

4.3CVSS6AI score0.00442EPSS
Exploits0References4
Rows per page
Query Builder