Vulnerabilities > SAP > S 4Hana > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-42473 Missing Authorization vulnerability in SAP S/4Hana 106
S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application.
network
low complexity
sap CWE-862
5.4
2023-10-10 CVE-2023-42475 Information Exposure Through an Error Message vulnerability in SAP S/4Hana
The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.
network
low complexity
sap CWE-209
4.3
2023-09-08 CVE-2023-40306 Open Redirect vulnerability in SAP S/4Hana
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation.
network
low complexity
sap CWE-601
6.1
2023-02-14 CVE-2023-24524 Missing Authorization vulnerability in SAP S/4Hana 104/105
SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2022-07-12 CVE-2022-31597 Missing Authorization vulnerability in SAP S/4Hana and Sapscore
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
network
low complexity
sap CWE-862
5.5
2022-07-12 CVE-2022-32248 Improper Input Validation vulnerability in SAP S/4Hana
Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database.
network
low complexity
sap CWE-20
5.0
2022-06-14 CVE-2022-31589 Unspecified vulnerability in SAP products
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
network
low complexity
sap
6.5
2022-02-09 CVE-2022-22542 Information Exposure vulnerability in SAP S/4Hana 104/105/106
S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.
network
low complexity
sap CWE-200
6.5
2020-11-10 CVE-2020-6316 Missing Authorization vulnerability in SAP ERP and S/4Hana
SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.
network
low complexity
sap CWE-862
4.0
2020-04-24 CVE-2020-6212 Missing Authorization vulnerability in SAP ERP and S/4Hana
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.
network
low complexity
sap CWE-862
5.5