Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-05-13 CVE-2025-43002 SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check.
network
low complexity
CWE-472
4.3
4.3
2025-05-13 CVE-2025-43003 SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field.
network
high complexity
CWE-749
6.4
6.4
2025-05-13 CVE-2025-43004 Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards.
network
low complexity
CWE-862
5.3
5.3
2025-05-13 CVE-2025-43005 SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials.
local
low complexity
CWE-256
4.3
4.3
2025-05-13 CVE-2025-43006 SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
CWE-79
6.1
6.1
2025-05-13 CVE-2025-43007 SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges.
network
low complexity
CWE-862
6.3
6.3
2025-05-13 CVE-2025-43008 Due to missing authorization check, an unauthorized user can view the files of other company.
network
high complexity
CWE-862
5.8
5.8
2025-05-13 CVE-2025-43009 SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges.
network
low complexity
CWE-862
6.3
6.3
2025-05-13 CVE-2025-43010 SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs.
network
low complexity
CWE-94
8.3
8.3
2025-05-13 CVE-2025-43011 Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data.
network
low complexity
CWE-862
7.7
7.7