Vulnerabilities > SAP > S/4HANA

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-38176 SQL Injection vulnerability in SAP products
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call the NZDT function modules listed in the Solution Section to execute a manipulated query or inject ABAP code to gain access to the backend database.
network | low complexity | sap | CWE-89 | Risk: 8.8
2020-11-10 CVE-2020-6316 Missing Authorization vulnerability in SAP ERP and S/4HANA
SAP ERP and SAP S/4HANA allow an authenticated user to see cost records of objects to which he has no authorization in PS reporting, due to a Missing Authorization Check.
network | low complexity | sap | CWE-862 | Risk: 4.3
2020-04-24 CVE-2020-6212 Missing Authorization vulnerability in SAP ERP and S/4HANA
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.
network | low complexity | sap | CWE-862 | Risk: 5.4
2020-04-14 CVE-2020-6214 Incorrect Authorization vulnerability in SAP S/4HANA 100
SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports.
network | low complexity | sap | CWE-863 | Risk: 4.7
2020-02-12 CVE-2020-6185 Cross-site Scripting vulnerability in SAP NetWeaver and S/4HANA
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54) allows an authenticated attacker to store a malicious payload, which results in a Stored Cross-Site Scripting (XSS) vulnerability.
network | low complexity | sap | CWE-79 | Risk: 5.4
2020-02-12 CVE-2020-6184 Cross-site Scripting vulnerability in SAP NetWeaver and S/4HANA
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54) does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability.
network | low complexity | sap | CWE-79 | Risk: 6.1