Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-11 | CVE-2025-23185 | Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. | network, low complexity, CWE-209, 4.1 |
| 2025-03-11 | CVE-2025-23188 | An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. | network, low complexity, CWE-862, 4.3 |
| 2025-03-11 | CVE-2025-23194 | SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. | network, low complexity, CWE-306, 5.3 |
| 2025-03-11 | CVE-2025-25242 | SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. | network, low complexity, CWE-79, 6.1 |
| 2025-03-11 | CVE-2025-25244 | SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. | low complexity, CWE-862, 5.7 |
| 2025-03-11 | CVE-2025-25245 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. | network, low complexity, CWE-79, 5.4 |
| 2025-03-11 | CVE-2025-26655 | SAP Just In Time (JIT) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application. Confidentiality and Availability are not impacted. | network, high complexity, CWE-862, 3.1 |
| 2025-03-11 | CVE-2025-26656 | OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. | network, low complexity, CWE-862, 4.3 |
| 2025-03-11 | CVE-2025-26658 | The Service Layer in SAP Business One allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. | network, high complexity, CWE-384, 6.8 |
| 2025-03-11 | CVE-2025-26659 | SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-based Cross-Site Scripting (XSS) vulnerability. | network, low complexity, CWE-79, 6.1 |