Vulnerabilities > SAP > S 4 Hana

DATE CVE VULNERABILITY TITLE RISK
2024-10-08 CVE-2024-45282 Trusting HTTP Permission Methods on the Server Side vulnerability in SAP S/4 Hana
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method.
network
low complexity
sap CWE-650
5.3
2024-06-11 CVE-2024-34691 Missing Authorization vulnerability in SAP S/4 Hana
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2023-09-12 CVE-2023-41368 Authorization Bypass Through User-Controlled Key vulnerability in SAP S/4 Hana
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.
network
low complexity
sap CWE-639
5.3
2023-09-12 CVE-2023-41369 XXE vulnerability in SAP S/4 Hana
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.
network
low complexity
sap CWE-611
4.3
2020-12-09 CVE-2020-26832 Missing Authorization vulnerability in SAP Netweaver Application Server Abap and S/4 Hana
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
network
low complexity
sap CWE-862
7.6
2020-02-12 CVE-2020-6188 Missing Authorization vulnerability in SAP ERP and S/4 Hana
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
network
low complexity
sap CWE-862
8.8