Vulnerabilities > SAP > Application Interface Framework

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2024-21737 Unspecified vulnerability in SAP Application Interface Framework 702
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly.
network
low complexity
sap
critical
9.1
2023-04-11 CVE-2023-29110 Cross-site Scripting vulnerability in SAP products
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags.
network
low complexity
sap CWE-79
5.4
2023-04-11 CVE-2023-29111 Unspecified vulnerability in SAP Application Interface Framework 755/756
The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required.
network
low complexity
sap
4.3
2023-04-11 CVE-2023-29109 Unspecified vulnerability in SAP products
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection.
network
low complexity
sap
4.6