Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
5.9CVSS
5.5AI Score
0.003EPSS
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attack...
5.4CVSS
5.4AI Score
0.001EPSS
WebFlow Services of SAP Business Workflow allowsan authenticated attacker to enumerate accessible HTTP endpoints in theinternal network by specially crafting HTTP requests. On successfulexploitation this can result in information disclosure. It has no impact onintegrity and availability of the appl...
5CVSS
4.8AI Score
0.0004EPSS