Vulnerabilities > SAP > S 4Hana > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-14 CVE-2020-6214 Incorrect Authorization vulnerability in SAP S/4Hana 100
SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports.
network
low complexity
sap CWE-863
4.7
2020-02-12 CVE-2020-6185 Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.
network
low complexity
sap CWE-79
5.4
2020-02-12 CVE-2020-6184 Cross-site Scripting vulnerability in SAP Netweaver and S/4Hana
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1