Vulnerabilities > SAP > S4Core > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-11 CVE-2023-35870 Incorrect Permission Assignment for Critical Resource vulnerability in SAP S4Core
When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource.
network
low complexity
sap CWE-732
7.3
2019-01-08 CVE-2018-2484 Missing Authorization vulnerability in SAP products
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
8.8