Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2024-08-13 CVE-2024-41736 Unspecified vulnerability in SAP Permit to Work Uis4Hop1800/Uis4Hop1900
Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application.
Risk: 4.3 (network, low complexity) | sap

2024-08-13 CVE-2024-41737 Server-Side Request Forgery (SSRF) vulnerability in SAP CRM Abap Insights Management
SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests.
Risk: 5.0 (network, low complexity) | sap | CWE-918

2024-08-13 CVE-2024-42374 XML Injection (aka Blind XPath Injection) vulnerability in SAP BEX web Java Runtime Export web Service
BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source.
Risk: 8.2 (network, low complexity) | sap | CWE-91

2024-08-13 CVE-2024-42375 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 420/430/440
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application.
Risk: 4.3 (network, low complexity) | sap | CWE-434

2024-08-13 CVE-2024-42376 Missing Authorization vulnerability in SAP Shared Service Framework
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.
Risk: 6.5 (network, low complexity) | sap | CWE-862

2024-08-13 CVE-2024-42377 Missing Authorization vulnerability in SAP Shared Service Framework
SAP Shared Service Framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application.
Risk: 4.3 (network, low complexity) | sap | CWE-862

2024-07-09 CVE-2024-34689 Server-Side Request Forgery (SSRF) vulnerability in SAP Business Workflow and SAP Basis
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests.
Risk: 5.0 (network, low complexity) | sap | CWE-918

2024-07-09 CVE-2024-34692 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Enable NOW
Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files.
Risk: 4.6 (network, low complexity) | sap | CWE-434

2024-07-09 CVE-2024-37171 Server-Side Request Forgery (SSRF) vulnerability in SAP Saptmui and Transportation Management
SAP Transportation Management (Collaboration Portal) allows an attacker with non-administrative privileges to send a crafted request from a vulnerable web application.
Risk: 5.0 (network, low complexity) | sap | CWE-918

2024-07-09 CVE-2024-37172 Missing Authorization vulnerability in SAP S4Core 107/108
SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.
Risk: 5.4 (network, low complexity) | sap | CWE-862