Vulnerabilities > SAP > Business Planning AND Consolidation > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-31407 Cross-site Scripting vulnerability in SAP Business Planning and Consolidation 740/750
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability.
network
low complexity
sap CWE-79
5.4
2023-02-14 CVE-2023-23851 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Planning and Consolidation 200/300
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation.
network
low complexity
sap CWE-434
5.4