Vulnerabilities > SAP > Business Planning AND Consolidation

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-31407 Cross-site Scripting vulnerability in SAP Business Planning and Consolidation 740/750
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability.
network
low complexity
sap CWE-79
5.4
2023-02-14 CVE-2023-23851 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Planning and Consolidation 200/300
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation.
network
low complexity
sap CWE-434
5.4
2023-01-10 CVE-2023-0016 SQL Injection vulnerability in SAP Business Planning and Consolidation 800/810
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries.
network
low complexity
sap CWE-89
8.8
2022-12-13 CVE-2022-41268 Improper Privilege Management vulnerability in SAP Business Planning and Consolidation
In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used.
network
high complexity
sap CWE-269
7.5
2020-10-15 CVE-2020-6368 Cross-site Scripting vulnerability in SAP Business Planning and Consolidation
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
network
sap CWE-79
3.5
2018-08-02 CVE-2017-16349 XXE vulnerability in SAP Business Planning and Consolidation
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC.
network
low complexity
sap CWE-611
8.1