Vulnerabilities > SAP > S4Core

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-37172 Missing Authorization vulnerability in SAP S4Core 107/108
SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
5.4
2024-07-09 CVE-2024-39592 Missing Authorization vulnerability in SAP S4Core and S4Coreop
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.
network
low complexity
sap CWE-862
6.5
2023-09-12 CVE-2023-40625 Missing Authorization vulnerability in SAP S4Core
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user.
network
low complexity
sap CWE-862
5.4
2023-07-11 CVE-2023-35870 Incorrect Permission Assignment for Critical Resource vulnerability in SAP S4Core
When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource.
network
low complexity
sap CWE-732
7.3
2023-05-09 CVE-2023-32112 Missing Authorization vulnerability in SAP S4Core and Vendor Master Hierarchy
Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function.
local
low complexity
sap CWE-862
5.5
2023-04-11 CVE-2023-29110 Cross-site Scripting vulnerability in SAP products
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags.
network
low complexity
sap CWE-79
5.4
2023-04-11 CVE-2023-29109 Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP products
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection.
network
low complexity
sap CWE-1236
4.6
2021-09-15 CVE-2021-33701 SQL Injection vulnerability in SAP Dmis, S4Core and Sapscore
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
network
low complexity
sap CWE-89
critical
9.1
2019-01-08 CVE-2018-2484 Missing Authorization vulnerability in SAP products
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8
2018-05-09 CVE-2018-2419 Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
4.6