Vulnerabilities > SAP > Business Planning AND Consolidation > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-31407 Cross-site Scripting vulnerability in SAP Business Planning and Consolidation 740/750
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability.
network
low complexity
sap CWE-79
5.4
2023-02-14 CVE-2023-23851 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Planning and Consolidation 200/300
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation.
network
low complexity
sap CWE-434
5.4
2020-10-15 CVE-2020-6368 Cross-site Scripting vulnerability in SAP Business Planning and Consolidation
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
network
low complexity
sap CWE-79
5.4