Vulnerabilities > SAP > ERP

DATE CVE VULNERABILITY TITLE RISK
2020-11-10 CVE-2020-6316 Missing Authorization vulnerability in SAP ERP and S/4Hana
SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.
network
low complexity
sap CWE-862
4.0
2020-04-24 CVE-2020-6212 Missing Authorization vulnerability in SAP ERP and S/4Hana
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.
network
low complexity
sap CWE-862
5.5
2020-03-10 CVE-2020-6199 Missing Authorization vulnerability in SAP ERP 607
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.
network
low complexity
sap CWE-862
5.5
2020-02-12 CVE-2020-6188 Missing Authorization vulnerability in SAP ERP and S/4 Hana
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
network
low complexity
sap CWE-862
6.5
2014-04-10 CVE-2014-2748 Permissions, Privileges, and Access Controls vulnerability in SAP Enhancement Package 6.0
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors.
network
low complexity
sap CWE-264
7.5