Vulnerabilities > SAP > BW 4Hana

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2024-37176 Missing Authorization vulnerability in SAP Bw/4Hana
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks.
network
low complexity
sap CWE-862
5.4
2023-07-11 CVE-2023-33992 Missing Authorization vulnerability in SAP Business Warehouse and Bw/4Hana
The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response.
network
low complexity
sap CWE-862
6.5
2021-01-12 CVE-2021-21466 Code Injection vulnerability in SAP Business Warehouse and Bw/4Hana
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network.
network
low complexity
sap CWE-94
8.8
2020-12-09 CVE-2020-26838 OS Command Injection vulnerability in SAP Business Warehouse and Bw/4Hana
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction.
network
low complexity
sap CWE-78
critical
9.0
2019-01-08 CVE-2019-0243 Missing Authorization vulnerability in SAP Bw/4Hana 1.0
Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08)) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5