Vulnerabilities > SAP > BW 4Hana
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-11 | CVE-2024-37176 | Missing Authorization vulnerability in SAP Bw/4Hana SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. | 5.4 |
| 2023-07-11 | CVE-2023-33992 | Missing Authorization vulnerability in SAP Business Warehouse and Bw/4Hana The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. | 6.5 |
| 2021-01-12 | CVE-2021-21466 | Code Injection vulnerability in SAP Business Warehouse and Bw/4Hana SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. | 8.8 |
| 2020-12-09 | CVE-2020-26838 | OS Command Injection vulnerability in SAP Business Warehouse and Bw/4Hana SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. | 9.1 |
| 2019-01-08 | CVE-2019-0243 | Missing Authorization vulnerability in SAP Bw/4Hana 1.0 Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |