6 matches found
CVE-2023-29110
The CVE-2023-29110 issue affects SAP Application Interface (Message Dashboard) across multiple releases: AIF 703, AIFX 702, S4CORE 100/101, SAP_BASIS 755/756, SAP_ABA 75C/75D/75E. The root cause is that the application allows unrestricted HTML markup, enabling an authorized attacker to use basic ...
CVE-2019-0248
Summary: CVE-2019-0248 affects the SAP Gateway of the ABAP Application Server, causing information disclosure under certain conditions. The issue is addressed in SAP_GWFND versions 7.5, 7.51, 7.52, 7.53 and SAP_BASIS 7.5. Affected component: SAP Gateway in the ABAP Application Server. Root cause/...
CVE-2022-41264
The CVE-2022-41264 issue affects SAP BASIS components (versions 731, 740, 750–757, 789–791) where the unrestricted scope of the RFC function module allows an authenticated non-administrator to access a system class and execute any of its public methods with attacker-supplied parameters. This can ...
CVE-2018-2478
CVE-2018-2478 affects SAP Basis and related TREX/BWA installations. The vulnerability allows an attacker to use specially crafted inputs to execute commands on the host, with the commands limited to what the adm user can run; the actual commands depend on the privileges of that user. Affected ver...
CVE-2020-6307
The CVE-2020-6307 issue affects SAP Basis Automated Note Search Tool across SAP Basis versions 7.00 to 7.54, where insufficient authorization checks allow reading of sensitive information. Multiple connected sources (Red Hat advisory, NVD entry, vendor notes, and Symantec writeup) corroborate an ...
CVE-2023-29109
CVE-2023-29109 affects SAP Application Interface Framework (Message Dashboard) across AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755/756, SAP_ABA 75C/75D/75E. The root cause is an Excel formula injection in fields such as the Tooltip of the Custom Hints List, which can execute when the victim opens...