Vulnerabilities > SAP > Basis

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-29110 Cross-site Scripting vulnerability in SAP products
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags.
network
low complexity
sap CWE-79
5.4
2023-04-11 CVE-2023-29109 Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP products
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection.
network
low complexity
sap CWE-1236
4.6
2022-12-13 CVE-2022-41264 Code Injection vulnerability in SAP Basis
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker.
network
low complexity
sap CWE-94
8.8
2020-01-14 CVE-2020-6307 Incorrect Authorization vulnerability in SAP Basis
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.
network
low complexity
sap CWE-863
4.3
2019-01-08 CVE-2019-0248 Unspecified vulnerability in SAP Basis and Netweaver
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
network
high complexity
sap
5.9
2018-11-13 CVE-2018-2478 Unspecified vulnerability in SAP Basis
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53.
network
low complexity
sap
7.2