Vulnerabilities > SAP > S4Core > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-37172 | Missing Authorization vulnerability in SAP S4Core 107/108 SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. | 5.4 |
| 2024-07-09 | CVE-2024-39592 | Missing Authorization vulnerability in SAP S4Core and S4Coreop Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application. | 6.5 |
| 2023-09-12 | CVE-2023-40625 | Missing Authorization vulnerability in SAP S4Core S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. | 5.4 |
| 2023-05-09 | CVE-2023-32112 | Missing Authorization vulnerability in SAP S4Core and Vendor Master Hierarchy Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. | 5.5 |
| 2023-04-11 | CVE-2023-29110 | Cross-site Scripting vulnerability in SAP products The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. | 5.4 |
| 2023-04-11 | CVE-2023-29109 | Improper Neutralization of Formula Elements in a CSV File vulnerability in SAP products The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. | 4.6 |
| 2018-05-09 | CVE-2018-2419 | Missing Authorization vulnerability in SAP Ea-Finserv, S4Core and Sapscore SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 4.6 |