Vulnerabilities > SAP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-41728 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. | 2.7 |
| 2024-09-10 | CVE-2024-44112 | Missing Authorization vulnerability in SAP OIL %/ GAS Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. | 4.3 |
| 2024-09-10 | CVE-2024-44114 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. | 2.7 |
| 2024-08-13 | CVE-2024-39591 | Missing Authorization vulnerability in SAP Document Builder SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. | 5.3 |
| 2024-08-13 | CVE-2024-41734 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. | 4.3 |
| 2024-08-13 | CVE-2024-42373 | Missing Authorization vulnerability in SAP Student Life Cycle Management SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. | 5.4 |
| 2024-08-13 | CVE-2024-28166 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420 SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. | 4.3 |
| 2024-08-13 | CVE-2024-33003 | Unspecified vulnerability in SAP Commerce Cloud Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information (PII) data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. | 9.1 |
| 2024-08-13 | CVE-2024-33005 | Missing Authorization vulnerability in SAP products Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. | 6.3 |
| 2024-08-13 | CVE-2024-41730 | Missing Authorization vulnerability in SAP Business Objects Business Intelligence Platform Enterprise430/Enterprise440 In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. | 9.8 |