Vulnerabilities > SAP
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-13 | CVE-2024-41736 | Unspecified vulnerability in SAP Permit to Work Uis4Hop1800/Uis4Hop1900: Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. | 4.3 |
2024-08-13 | CVE-2024-41737 | Server-Side Request Forgery (SSRF) vulnerability in SAP CRM Abap Insights Management: SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. | 5.0 |
2024-08-13 | CVE-2024-42374 | XML Injection (aka Blind XPath Injection) vulnerability in SAP BEX web Java Runtime Export web Service: BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. | 8.2 |
2024-08-13 | CVE-2024-42375 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430/440: SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. | 4.3 |
2024-08-13 | CVE-2024-42376 | Missing Authorization vulnerability in SAP Shared Service Framework: SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. | 6.5 |
2024-08-13 | CVE-2024-42377 | Missing Authorization vulnerability in SAP Shared Service Framework: SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application. | 4.3 |
2024-07-09 | CVE-2024-34689 | Server-Side Request Forgery (SSRF) vulnerability in SAP Business Workflow and SAP Basis: WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. | 5.0 |
2024-07-09 | CVE-2024-34692 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Enable NOW: Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. | 4.6 |
2024-07-09 | CVE-2024-37171 | Server-Side Request Forgery (SSRF) vulnerability in SAP Saptmui and Transportation Management: SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application. | 5.0 |
2024-07-09 | CVE-2024-37172 | Missing Authorization vulnerability in SAP S4Core 107/108: SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. | 5.4 |