Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Filtered by product S\/4 Hana
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45282 1 Sap 1 S\/4 Hana 2024-11-14 N/A 5.3 MEDIUM
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.
CVE-2024-34691 1 Sap 1 S\/4 Hana 2024-08-16 N/A 6.5 MEDIUM
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system.
CVE-2020-26832 1 Sap 2 Netweaver As Abap, S\/4 Hana 2024-02-04 7.5 HIGH 7.6 HIGH
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
CVE-2020-6188 1 Sap 2 Erp, S\/4 Hana 2024-02-04 6.5 MEDIUM 8.8 HIGH
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.