CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44121 – Information Disclosure in SAP S/4 HANA (Statutory Reports)
https://notcve.org/view.php?id=CVE-2024-44121
Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application • https://me.sap.com/notes/3437585 https://url.sap/sapsecuritypatchday • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4138 – Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
https://notcve.org/view.php?id=CVE-2024-4138
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected. Manage Bank Statement ReProcessing Rules no realiza las verificaciones de autorización necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Al explotar esta vulnerabilidad, un atacante puede habilitar/deshabilitar la regla de uso compartido de otros usuarios que afecta la integridad de la aplicación. • https://me.sap.com/notes/3434666 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4139 – Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
https://notcve.org/view.php?id=CVE-2024-4139
Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected. Manage Bank Statement ReProcessing Rules no realiza las verificaciones de autorización necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Al explotar esta vulnerabilidad, un atacante puede eliminar reglas de otros usuarios que afecten la integridad de la aplicación. • https://me.sap.com/notes/3434666 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-41368 – Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps)
https://notcve.org/view.php?id=CVE-2023-41368
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call. El servicio OData de S4 HANA (Manage checkbook apps), versiones 102, 103, 104, 105, 106, 107, permite a un atacante cambiar el nombre del checkbook simulando una llamada OData de actualización. • https://me.sap.com/notes/3355675 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-41369 – External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application)
https://notcve.org/view.php?id=CVE-2023-41369
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser. La aplicación Create Single Payment de SAP S/4HANA - versiones 100, 101, 102, 103, 104, 105, 106, 107, 108, permite a un atacante cargar el archivo XML como datos adjuntos. Cuando se hace clic en el archivo XML en la sección de datos adjuntos, el archivo se abre en el navegador para hacer que los bucles de entidad ralenticen el navegador. • https://me.sap.com/notes/3369680 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-611: Improper Restriction of XML External Entity Reference •