VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-13
CVE-2025-43002
SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check.
network
low complexity
CWE-472
4.3
4.3
2025-05-13
CVE-2025-43003
SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field.
network
high complexity
CWE-749
6.4
6.4
2025-05-13
CVE-2025-43004
Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards.
network
low complexity
CWE-862
5.3
5.3
2025-05-13
CVE-2025-43005
SAP GUI for Windows allows an unauthenticated attacker to exploit insecure obfuscation algorithms used by the GuiXT application to store user credentials.
local
low complexity
CWE-256
4.3
4.3
2025-05-13
CVE-2025-43006
SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
CWE-79
6.1
6.1
2025-05-13
CVE-2025-43007
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges.
network
low complexity
CWE-862
6.3
6.3
2025-05-13
CVE-2025-43008
Due to missing authorization check, an unauthorized user can view the files of other company.
network
high complexity
CWE-862
5.8
5.8
2025-05-13
CVE-2025-43009
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges.
network
low complexity
CWE-862
6.3
6.3
2025-05-13
CVE-2025-43010
SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs.
network
low complexity
CWE-94
8.3
8.3
2025-05-13
CVE-2025-43011
Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data.
network
low complexity
CWE-862
7.7
7.7
«
Previous
1
2
...
115
116
117
(current)
118
119
...
17188
17189
»
Next