Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-12 | CVE-2024-47595 | Unspecified vulnerability in SAP Host Agent 7.22 An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. | 7.1 |
| 2024-10-08 | CVE-2024-37179 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Businessobjects Business Intelligence 2025/420/430 SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. | 6.5 |
| 2024-10-08 | CVE-2024-45277 | Unspecified vulnerability in SAP Hana-Client The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. | 4.3 |
| 2024-10-08 | CVE-2024-45278 | Cross-site Scripting vulnerability in SAP Commerce Backoffice 2205/2211 SAP Commerce Backoffice does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2024-10-08 | CVE-2024-45282 | Trusting HTTP Permission Methods on the Server Side vulnerability in SAP S/4 Hana Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. | 5.3 |
| 2024-10-08 | CVE-2024-47594 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.50 SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. | 5.4 |
| 2024-09-10 | CVE-2024-41728 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. | 2.7 |
| 2024-09-10 | CVE-2024-44112 | Missing Authorization vulnerability in SAP OIL %/ GAS Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. | 4.3 |
| 2024-09-10 | CVE-2024-44114 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. | 2.7 |
| 2024-08-13 | CVE-2024-39591 | Missing Authorization vulnerability in SAP Document Builder SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. | 5.3 |