Vulnerabilities > SAP

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2024-21735 Unspecified vulnerability in SAP LT Replication Server
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks.
network
low complexity
sap
7.2
2023-12-12 CVE-2023-50424 Unspecified vulnerability in SAP Cloud-Security-Client-Go
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges.
network
low complexity
sap
critical
9.8
2023-12-12 CVE-2023-49577 Unspecified vulnerability in SAP Human Capital Management
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2023-12-12 CVE-2023-49578 Unspecified vulnerability in SAP Cloud Connector 2.0
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity  of the application.
low complexity
sap
3.5
2023-12-12 CVE-2023-49580 Unspecified vulnerability in SAP Graphical User Interface
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential.
network
low complexity
sap
7.3
2023-12-12 CVE-2023-49581 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential.
network
low complexity
sap
critical
9.4
2023-12-12 CVE-2023-49583 Unspecified vulnerability in SAP @Sap/XSSec
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges.
network
low complexity
sap
critical
9.8
2023-12-12 CVE-2023-49584 Unspecified vulnerability in SAP Fiori Launchpad
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.
network
low complexity
sap
4.3
2023-12-12 CVE-2023-49587 Command Injection vulnerability in SAP Solution Manager 720
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.
network
low complexity
sap CWE-77
6.4
2023-12-12 CVE-2023-50422 Unspecified vulnerability in SAP Cloud-Security-Services-Integration-Library
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges.
network
low complexity
sap
critical
9.8