Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-11 CVE-2024-28164 Unspecified vulnerability in SAP Netweaver Application Server Java Gpcore7.5
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application.
network
low complexity
sap
5.3
2024-06-11 CVE-2024-33001 Unspecified vulnerability in SAP Netweaver Application Server Abap 20081710/740/Stpi20081700
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application.
network
low complexity
sap
6.5
2024-06-11 CVE-2024-34683 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Document Builder
An authenticated attacker can upload malicious file to SAP Document Builder service.
network
low complexity
sap CWE-434
6.5
2024-06-11 CVE-2024-34684 Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430/440
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account.
local
low complexity
sap
6.0
2024-06-11 CVE-2024-34686 Cross-site Scripting vulnerability in SAP Customer Relationship Management Webclient UI
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script.
network
low complexity
sap CWE-79
6.1
2024-06-11 CVE-2024-34690 Missing Authorization vulnerability in SAP Student Life Cycle Management
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges.
network
low complexity
sap CWE-862
5.4
2024-06-11 CVE-2024-34691 Missing Authorization vulnerability in SAP S/4 Hana
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2024-06-11 CVE-2024-37176 Missing Authorization vulnerability in SAP Bw/4Hana
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks.
network
low complexity
sap CWE-862
5.4
2024-02-13 CVE-2024-24741 Missing Authorization vulnerability in SAP Master Data Governance for Material Data
SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
4.3
2024-02-13 CVE-2024-25643 Missing Authorization vulnerability in SAP Fiori 605
The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges.
network
low complexity
sap CWE-862
4.3