Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-44112 Missing Authorization vulnerability in SAP OIL %/ GAS
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table.
network
low complexity
sap CWE-862
4.3
2024-08-13 CVE-2024-39591 Missing Authorization vulnerability in SAP Document Builder
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
network
low complexity
sap CWE-862
5.3
2024-08-13 CVE-2024-41734 Missing Authorization vulnerability in SAP Netweaver Application Server Abap
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information.
network
low complexity
sap CWE-862
4.3
2024-08-13 CVE-2024-42373 Missing Authorization vulnerability in SAP Student Life Cycle Management
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges.
network
low complexity
sap CWE-862
5.4
2024-08-13 CVE-2024-28166 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2024-08-13 CVE-2024-33005 Missing Authorization vulnerability in SAP products
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions.
local
low complexity
sap CWE-862
6.3
2024-08-13 CVE-2024-41731 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business Objects Business Intelligence Platform 430/440/Enterprise420
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application.
network
low complexity
sap CWE-434
4.3
2024-08-13 CVE-2024-41732 Unspecified vulnerability in SAP Netweaver Application Server Abap
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls.
network
low complexity
sap
5.4
2024-08-13 CVE-2024-41733 Unspecified vulnerability in SAP Commerce Comcloud2211/Hycom2205
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes.
network
low complexity
sap
5.3
2024-08-13 CVE-2024-41735 Cross-site Scripting vulnerability in SAP Commerce Backoffice Hycom2205
SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application.
network
low complexity
sap CWE-79
5.4