Vulnerabilities > SAP > S 4Hana
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-14 | CVE-2021-38176 | SQL Injection vulnerability in SAP products Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. | 8.8 |
2020-11-10 | CVE-2020-6316 | Missing Authorization vulnerability in SAP ERP and S/4Hana SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. | 4.3 |
2020-04-24 | CVE-2020-6212 | Missing Authorization vulnerability in SAP ERP and S/4Hana Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check. | 5.4 |
2020-04-14 | CVE-2020-6214 | Incorrect Authorization vulnerability in SAP S/4Hana 100 SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. | 4.7 |
2020-02-12 | CVE-2020-6185 | Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. | 5.4 |
2020-02-12 | CVE-2020-6184 | Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |