CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2023-36924 – Log Injection vulnerability in SAP ERP Defense Forces and Public Security
https://notcve.org/view.php?id=CVE-2023-36924
11 Jul 2023 — While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application. • https://me.sap.com/notes/3351410 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-31589
https://notcve.org/view.php?id=CVE-2022-31589
14 Jun 2022 — Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. Debido a una comprobación inapropiada de la autorización, a los usuarios de la empresa usando el programa Israeli File from SHAAM (transacción /ATL/VQ23), les es concedida más autorización de la necesaria para llevar a cabo determi... • https://launchpad.support.sap.com/#/notes/3203065 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-38164
https://notcve.org/view.php?id=CVE-2021-38164
14 Sep 2021 — SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to. SAP ERP Financi... • https://launchpad.support.sap.com/#/notes/3068582 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2020-6316
https://notcve.org/view.php?id=CVE-2020-6316
10 Nov 2020 — SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. SAP ERP y SAP S/4 HANA, permiten a un usuario autenticado visualizar los registros de costos de objetos para los que no cuenta con autorización en los reportes de PS, conllevando a una Falta de Comprobación de Autorización • https://launchpad.support.sap.com/#/notes/2944188 • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-6268
https://notcve.org/view.php?id=CVE-2020-6268
10 Jun 2020 — Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check. Statutory Reporting de Insurance Companies en SAP ERP (EA-FINSERV versiones - 600, 603, 604, 605, 606, 616, 617, 618, 800 y S4CORE versiones 101, 102, 103, 104) no... • https://launchpad.support.sap.com/#/notes/2906996 • CWE-862: Missing Authorization •