21 matches found
EUVD-2019-1016
Malware in sbrugna...
EUVD-2023-38116
Malicious code in bioql PyPI...
EUVD-2024-36482
Malicious code in bioql PyPI...
CVE-2025-42960
SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries. It has no impact on the confidentialit...
CVE-2024-37176
SAP BW/4HANA Transformation and Data Transfer Process DTP allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...
CVE-2023-33992
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...
CVE-2024-37176
SAP BW/4HANA Transformation and Data Transfer Process DTP allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...
CVE-2024-37176 Missing Authorization check in SAP BW/4HANA Transformation and DTP
SAP BW/4HANA Transformation and Data Transfer Process DTP allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low...
PT-2024-4584 · Sap · Sap Bw/4Hana
Name of the Vulnerable Software and Affected Versions: SAP BW/4HANA affected versions not specified Description: The issue is related to improper authorization checks in the Transformation and Data Transfer Process DTP of SAP BW/4HANA, allowing an authenticated attacker to gain higher access leve...
Code injection
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...
CVE-2023-33992 Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...
CVE-2023-33992 Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAPBW 730, SAPBW 731, SAPBW 740, SAPBW 730, SAPBW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs...
PT-2022-25779 · Sap · Sap Business Planning/Consolidation +3
Name of the Vulnerable Software and Affected Versions: SAP Business Planning and Consolidation versions SAP BW 750 through 757, DWCORE 200 through 300, CPMBPC 810 Description: The issue concerns the use of a transaction code reserved for the customer in some SAP standard roles. This could allow a...
SAP BusinessObjects BW Publisher Service Code Issue Vulnerability
SAP BusinessObjects BW Publisher Service is a model-driven data warehouse product from SAP Germany. An elevation of privilege vulnerability exists in versions 420 and 430 of the SAP BusinessObjects BW Publisher Service, which stems from the use of search paths that contain un-referenced elements,...
SAP Business Warehouse and SAP BW/4HANA Code Injection Vulnerability
SAP Business Warehouse BW is SAP's data warehouse solution. SAP BW provides a high-performance infrastructure that helps you evaluate and interpret data. Decision makers can make informed decisions based on the analyzed data and identify target-specific activities. A code injection vulnerability...
Code injection
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which...
CVE-2021-21466
CVE-2021-21466 affects SAP Business Warehouse (versions 700–750, 782) and SAP BW/4HANA (100–200). The issue enables a low-privileged attacker to inject code via a remote-enabled SAP function module, allowing creation of a malicious ABAP report to access sensitive data, inject UPDATE statements (p...
CVE-2020-26838
SAP BW/BW4HANA are affected by a code-injection vulnerability (CVE-2020-26838) that can be exploited by an authenticated attacker with high developer privileges through a crafted request to execute OS commands. Affected versions include SAP Business Warehouse (700, 701, 702, 731, 740, 750, 751, ...
Authorization
Under some circumstances, masterdata maintenance in SAP BW/4HANA fixed in DW4CORE version 1.0 SP08 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...
CVE-2019-0243
CVE-2019-0243 affects SAP BW/4HANA: masterdata maintenance can skip authorization checks for an authenticated user, enabling privilege escalation. Vulnerable component is masterdata maintenance in SAP BW/4HANA; fixed in DW4CORE version 1.0 (SP08). The issue implies unauthorized elevation of privi...