Latest SAP Vulnerabilities

Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)
Sap Gui Connector=1.0
Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager
SAP NetWeaver=kernel_7.22
SAP NetWeaver=kernel_7.53
SAP NetWeaver=kernel_7.54
SAP NetWeaver=krnl64nuc_7.22
SAP NetWeaver=krnl64nuc_7.22ext
SAP NetWeaver=krnl64uc_7.22ext
and 4 more
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform
SAP NetWeaver Application Server ABAP=79
SAP NetWeaver Application Server ABAP=700
SAP NetWeaver Application Server ABAP=701
SAP NetWeaver Application Server ABAP=702
SAP NetWeaver Application Server ABAP=731
SAP NetWeaver Application Server ABAP=740
and 10 more
Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
SAP Application Interface Framework=702
Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)
Sap S/4hana Finance=107
Sap S/4hana Finance=128
Improper Authorization check in SAP LT Replication Server
SAP LT Replication Server=s4core_103
SAP LT Replication Server=s4core_104
SAP LT Replication Server=s4core_105
SAP LT Replication Server=s4core_106
SAP LT Replication Server=s4core_107
SAP LT Replication Server=s4core_108
URL Redirection vulnerability in SAP Marketing (Contacts App)
SAP Marketing=160
Privilege Escalation Vulnerability
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 19 more
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008
Microsoft Windows 11=21H2
Microsoft Windows Server 2008
Microsoft Windows 10=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 69 more
Microsoft Power Platform Connector Spoofing Vulnerability
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Azure Logic Apps<3.23113
Microsoft Power Platform<3.23113
Apple Webkit
Microsoft Power Platform
and 22 more
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows 10=1809
Microsoft Windows 10=1607
Microsoft Windows 10=1809
Microsoft Windows Server 2012
Microsoft Windows 11=22H2
and 70 more
Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 10=21H2
Microsoft Windows 11=22H2
Microsoft Windows 10=21H2
Microsoft Windows 10
Microsoft Windows 10=22H2
and 65 more
Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)
pip/sap-xssec<4.1.0
Sap Sap-xssec<4.1.0
Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID
Sap Emarsys Sdk=3.6.2
Command Injection vulnerability in SAP Solution Manager
SAP Solution Manager=720
Client-Side Desynchronization vulnerability in SAP Fiori Launchpad
SAP Fiori Launchpad=200
SAP Fiori Launchpad=700
SAP Fiori Launchpad=750
SAP Fiori Launchpad=754
SAP Fiori Launchpad=755
SAP Fiori Launchpad=756
and 3 more
Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library)
<2.17.0
>=3.0.0<3.3.0
Sap Cloud-security-services-integration-library<2.17.0
Sap Cloud-security-services-integration-library>=3.0.0<3.3.0
maven/com.sap.cloud.security:spring-security>=3.0.0<3.3.0
maven/com.sap.cloud.security:spring-security<2.17.0
and 4 more
Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec)
Sap @sap/xssec<3.6.0
npm/@sap/xssec<3.6.0
SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
=700
=731
=740
=750
Information disclosure in SAP GUI for Windows and SAP GUI for Java
Sap Graphical User Interface=sap_basis_755
Sap Graphical User Interface=sap_basis_755
Sap Graphical User Interface=sap_basis_756
Sap Graphical User Interface=sap_basis_756
Sap Graphical User Interface=sap_basis_757
Sap Graphical User Interface=sap_basis_757
and 2 more
Denial of service (DOS) in SAP Cloud Connector
SAP Cloud Connector=2.0
Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution)
Sap Human Capital Management=s4hcmcie_100
Sap Human Capital Management=sap_hrcie_600
Sap Human Capital Management=sap_hrcie_604
Sap Human Capital Management=sap_hrcie_608
Directory Traversal vulnerability in SAP Master Data Governance
SAP Master Data Governance=731
SAP Master Data Governance=732
SAP Master Data Governance=746
SAP Master Data Governance=747
SAP Master Data Governance=748
SAP Master Data Governance=749
and 11 more
Improper Access Control vulnerability in SAP Commerce Cloud
SAP Commerce Cloud=8.1
Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct
SAP Biller Direct=635
SAP Biller Direct=750
Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform
SAP Business Objects Business Intelligence Platform=420
SAP Business Objects Business Intelligence Platform=430
Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence
SAP BusinessObjects Web Intelligence=420
Double free in cache management
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 30 more
Use After Free in DSP Services
Qualcomm Multiple Chipsets
Google Android
Qualcomm 315 5g Iot Modem Firmware
Qualcomm 315 5g Iot Modem
Google Android
Qualcomm Apq8017
and 581 more
Use of Out-of-range Pointer Offset in Graphics
Qualcomm Multiple Chipsets
Google Android
Google Android
Qualcomm Ar8035
Qualcomm Csra6620 Firmware
Google Android
and 325 more
Integer Overflow or Wraparound in Graphics Linux
Apple Webkit
Microsoft Power Platform
Microsoft Azure Logic Apps
Microsoft Windows
Adobe Prelude
Adobe Illustrator
and 503 more
Information Disclosure in NetWeaver AS Java Logon
SAP NetWeaver Application Server Java=7.50
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP=kernel_7.22
SAP NetWeaver Application Server ABAP=kernel_7.53
SAP NetWeaver Application Server ABAP=kernel_7.54
SAP NetWeaver Application Server ABAP=kernel_7.77
SAP NetWeaver Application Server ABAP=kernel_7.85
SAP NetWeaver Application Server ABAP=kernel_7.89
and 9 more
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated a...
Sap Enable Now Enable Now Consump Del=1704
Sap Enable Now Wpb Manager=1.0
Sap Enable Now Wpb Manager Ce=10
Sap Enable Now Wpb Manager Hana=10
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integri...
SAP NetWeaver Application Server Java=7.50
The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.
Sap S/4hana=102
Sap S/4hana=103
Sap S/4hana=104
Sap S/4hana=105
Sap S/4hana=106
Sap S/4hana=128
SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an att...
SAP BusinessObjects Web Intelligence=420
S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confi...
Sap S/4hana=106
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, w...
SAP PowerDesigner=16.7
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. A...
Sap Business One=10.0
An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. Thi...
Sap Privileges<1.5.4
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unint...
Sap S4core=102
Sap S4core=103
Sap S4core=104
Sap S4core=105
Sap S4core=106
Sap S4core=107
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaSc...
SAP NetWeaver Application Server ABAP=702
SAP NetWeaver Application Server ABAP=731
SAP NetWeaver Application Server ABAP=754
SAP NetWeaver Application Server ABAP=755
SAP NetWeaver Application Server ABAP=756
SAP NetWeaver Application Server ABAP=757
and 1 more
SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On...
SAP BusinessObjects=420
SAP BusinessObjects=430
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depend...
SAP CommonCryptoLib=8.0.0
SAP Content Server=6.50
SAP Content Server=7.53
SAP Content Server=7.54
Sap Extended Application Services And Runtime=1.0
SAP HANA Database=2.0
and 41 more
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise...
SAP BusinessObjects Business Intelligence=420
SAP BusinessObjects Business Intelligence=430
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on ...
SAP PowerDesigner=16.7
Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system ...
Sap Businessobjects Business Intelligence Platform=420
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, wh...
SAP BusinessObjects Business Intelligence=430
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.
Sap S/4 Hana=102
Sap S/4 Hana=103
Sap S/4 Hana=104
Sap S/4 Hana=105
Sap S/4 Hana=106
Sap S/4 Hana=107

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203