Vulnerabilities > SAP > Business Planning AND Consolidation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-31407 | Cross-site Scripting vulnerability in SAP Business Planning and Consolidation 740/750 SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. | 5.4 |
| 2023-02-14 | CVE-2023-23851 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Planning and Consolidation 200/300 SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. | 5.4 |
| 2023-01-10 | CVE-2023-0016 | SQL Injection vulnerability in SAP Business Planning and Consolidation 800/810 SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. | 8.8 |
| 2022-12-13 | CVE-2022-41268 | Improper Privilege Management vulnerability in SAP Business Planning and Consolidation In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. | 7.5 |
| 2020-10-15 | CVE-2020-6368 | Cross-site Scripting vulnerability in SAP Business Planning and Consolidation SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting. | 3.5 |
| 2018-08-02 | CVE-2017-16349 | XXE vulnerability in SAP Business Planning and Consolidation An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. | 8.1 |