Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2024-34683 Unspecified vulnerability in SAP Document Builder
An authenticated attacker can upload malicious file to SAP Document Builder service.
network
low complexity
sap
6.5
2024-06-11 CVE-2024-34684 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430/440
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account.
local
low complexity
sap
6.0
2024-06-11 CVE-2024-34686 Unspecified vulnerability in SAP Customer Relationship Management Webclient UI
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script.
network
low complexity
sap
6.1
2024-06-11 CVE-2024-34688 Unspecified vulnerability in SAP Netweaver Application Server Java Mmrserver7.5
Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it.
network
low complexity
sap
7.5
2024-06-11 CVE-2024-34690 Unspecified vulnerability in SAP Student Life Cycle Management
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges.
network
low complexity
sap
5.4
2024-06-11 CVE-2024-34691 Unspecified vulnerability in SAP S/4 Hana
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap
6.5
2024-06-11 CVE-2024-37176 Unspecified vulnerability in SAP Bw/4Hana
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks.
network
low complexity
sap
5.4
2024-04-09 CVE-2024-27898 Unspecified vulnerability in SAP Netweaver 7.5
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability.
network
low complexity
sap
5.3
2024-03-12 CVE-2024-22127 Unspecified vulnerability in SAP Netweaver Application Server Java 7.5
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability.
network
low complexity
sap
critical
9.1
2024-03-12 CVE-2024-25645 Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.50
Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.
network
low complexity
sap
5.3