S4core Security Vulnerabilities and Issues — S4core CVE List

Lucene search

SapS4core

10 matches found

CVE•added 2024/07/09 4:15 a.m.•70 views

CVE-2024-39592

Elements of PDCE does not perform necessaryauthorization checks for an authenticated user, resulting in escalation ofprivileges. Thisallows an attacker to read sensitive information causing high impact on theconfidentiality of the application.

7.7CVSS6.8AI score0.00136EPSS

CVE•added 2021/09/15 7:15 p.m.•63 views

CVE-2021-33701

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool...

9.1CVSS9.7AI score0.01518EPSS

CVE•added 2023/04/11 4:16 a.m.•63 views

CVE-2023-29110

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attack...

5.4CVSS4.8AI score0.00336EPSS

CVE•added 2018/05/09 8:29 p.m.•47 views

CVE-2018-2419

SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

5.5CVSS5.1AI score0.00182EPSS

CVE•added 2023/07/11 3:15 a.m.•39 views

CVE-2023-35870

When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template c...

7.3CVSS6.4AI score0.00095EPSS

CVE•added 2019/01/08 8:29 p.m.•37 views

CVE-2018-2484

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of priv...

8.8CVSS8.8AI score0.00523EPSS

CVE•added 2023/04/11 3:15 a.m.•35 views

CVE-2023-29109

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints...

4.6CVSS5AI score0.00336EPSS

CVE•added 2023/05/09 2:15 a.m.•35 views

CVE-2023-32112

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This c...

5.5CVSS4.5AI score0.00043EPSS

CVE•added 2024/07/09 5:15 a.m.•35 views

CVE-2024-37172

SAP S/4HANA Finance (Advanced PaymentManagement) does not perform necessary authorization check for an authenticateduser, resulting in escalation of privileges. As a result, it has a low impactto confidentiality and availability but there is no impact on the integrity.

5.4CVSS5.8AI score0.0017EPSS

CVE•added 2023/09/12 3:15 a.m.•29 views

CVE-2023-40625

S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and int...

5.4CVSS5.6AI score0.00147EPSS