CVE-2024-47587 – Missing authorization check in SAP Cash Management (Cash Operations)
https://notcve.org/view.php?id=CVE-2024-47587
Cash Operations does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges, with low impact on the confidentiality of the application. • https://me.sap.com/notes/3498470 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •
CVE-2024-47586 – NULL Pointer Dereference vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-47586
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted HTTP request that causes a null pointer dereference in the kernel. The dereference crashes the system, which then restarts, making it temporarily unavailable. There is no impact on confidentiality or integrity. • https://me.sap.com/notes/3504390 https://url.sap/sapsecuritypatchday • CWE-476: NULL Pointer Dereference •
CVE-2024-45282 – HTTP Verb Tampering in SAP S/4 HANA (Manage Bank Statements)
https://notcve.org/view.php?id=CVE-2024-45282
Fields that are in a 'read only' state in the Bank Statement Draft of the Manage Bank Statements application can be modified via the OData MERGE method. The property of the OData entity that is assumed to be immutable is not protected against external modification, leading to integrity violations. Confidentiality and availability are not impacted. • https://me.sap.com/notes/3251893 https://url.sap/sapsecuritypatchday • CWE-650: Trusting HTTP Permission Methods on the Server Side •
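The flaw class behind CVE-2024-45282, shown as an added example that is not SAP's code and not taken from the advisory: a handler that screens read-only fields only for PUT and POST lets a MERGE body (OData v2's partial-update verb) through to the generic update path, while the hardened handler applies the immutability rule to every write verb. The entity, its field names, the request shape and the sample values are hypothetical stand-ins.

```python
"""Added example, not SAP's code: read-only OData properties must be enforced
per property, not per HTTP verb.

update_vulnerable() models the flaw class behind CVE-2024-45282: it checks
the immutable fields only for PUT and POST, so a MERGE request (OData v2's
partial-update verb) reaches the generic update path and rewrites them.
update_hardened() applies the immutability rule to every write verb.
The entity, its field names and the request shape are hypothetical."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Any

# Hypothetical read-only properties of a bank-statement draft entity.
IMMUTABLE_PROPERTIES = frozenset({"BankStatementID", "BankAccount", "StatementDate"})
# Every verb that can carry a write; MERGE is OData v2, PATCH is OData v4.
WRITE_VERBS = frozenset({"POST", "PUT", "PATCH", "MERGE"})


class ImmutablePropertyError(Exception):
    """Raised when a request tries to write a read-only property."""


class MethodNotAllowed(Exception):
    """Raised for a verb the update endpoint does not accept."""


@dataclass
class Request:
    method: str
    body: dict[str, Any]


@dataclass
class Draft:
    BankStatementID: str
    BankAccount: str
    StatementDate: str
    Memo: str = ""


def _apply(draft: Draft, body: dict[str, Any]) -> Draft:
    """Generic partial-update path shared by both handlers."""
    for name, value in body.items():
        if not hasattr(draft, name):
            raise ValueError(f"unknown property {name!r}")
        setattr(draft, name, value)
    return draft


def update_vulnerable(draft: Draft, req: Request) -> Draft:
    """Guard keyed on the verb. Only PUT and POST are screened for read-only
    fields, so PATCH/MERGE bodies are applied unchecked."""
    if req.method.upper() in ("PUT", "POST"):
        blocked = IMMUTABLE_PROPERTIES & set(req.body)
        if blocked:
            raise ImmutablePropertyError(sorted(blocked))
    return _apply(draft, req.body)


def update_hardened(draft: Draft, req: Request) -> Draft:
    """Guard keyed on the property. Whatever verb delivered the body, a write
    to an immutable property is refused, and unknown verbs are rejected."""
    method = req.method.upper()
    if method not in WRITE_VERBS:
        raise MethodNotAllowed(method)
    blocked = IMMUTABLE_PROPERTIES & set(req.body)
    if blocked:
        raise ImmutablePropertyError(sorted(blocked))
    return _apply(draft, req.body)


def field_changed(handler, req: Request, prop: str, new_value: Any) -> bool:
    """Send req through handler against a fresh constructed draft and report
    whether prop now holds new_value. A refused write counts as not changed."""
    draft = Draft("0000000001", "DE00VICTIM", "2024-11-01", "original")
    try:
        handler(draft, req)
    except (ImmutablePropertyError, MethodNotAllowed):
        return False
    return getattr(draft, prop) == new_value


if __name__ == "__main__":
    merge = Request("MERGE", {"BankAccount": "DE00ATTACKER", "Memo": "tampered"})
    print("vulnerable, MERGE changed BankAccount:",
          field_changed(update_vulnerable, merge, "BankAccount", "DE00ATTACKER"))
    print("hardened,   MERGE changed BankAccount:",
          field_changed(update_hardened, merge, "BankAccount", "DE00ATTACKER"))
```

The point of the hardened version is that the verb only decides whether the endpoint accepts writes at all; which properties may change is decided by the entity model, so a verb the developer forgot about cannot open a side door. The same check belongs in the framework-level update hook, not in individual verb handlers.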
CVE-2024-37179 – Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)
https://notcve.org/view.php?id=CVE-2024-37179
SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on confidentiality of the application. • https://me.sap.com/notes/3478615 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-45285 – Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-45285
The RFC-enabled function module allows a low-privileged user to perform a denial of service against any user and to change or delete that user's favourite nodes. By sending a crafted packet to the function module with specific parameters, the attacker leaves the targeted user without access to any functionality of SAP GUI. There is low impact on the integrity and availability of the application. • https://me.sap.com/notes/3488039 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •
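Both CWE-862 entries on this page (CVE-2024-47587 in Cash Operations and CVE-2024-45285 in the RFC-enabled function module) describe the same missing control: the caller is authenticated, but nobody checks whether that caller may act on the given target. The added example below is not SAP's code and not taken from either advisory; it models an RFC-style call that clears another user's favourite nodes, first without an authorization check and then with one. In ABAP the hardened check would be an AUTHORITY-CHECK statement at the top of the function module; the authorization name, user names and data layout here are hypothetical stand-ins.

```python
"""Added example, not SAP's code: a per-call authorization check on the
target principal, the control whose absence CWE-862 describes.

clear_favourites_vulnerable() only confirms that the caller is an
authenticated user; it never asks whether the caller may touch the target.
clear_favourites_hardened() allows the operation on the caller's own
favourites, or on any user's if the caller holds an admin authorization.
The authorization name, user names and data layout are hypothetical."""
from __future__ import annotations

from dataclasses import dataclass, field

# Hypothetical authorization value; not an SAP authorization object name.
ADMIN_FAVOURITES = "FAVOURITE_ADMIN"


class NotAuthorized(Exception):
    """Raised when the caller is unknown or may not act on the target."""


@dataclass
class User:
    name: str
    favourites: list[str] = field(default_factory=list)
    authorizations: set[str] = field(default_factory=set)


def make_directory() -> dict[str, User]:
    """Constructed sample data: two ordinary users and one administrator."""
    return {
        "ALICE": User("ALICE", ["SE80", "SM59"]),
        "BOB": User("BOB", ["SU01"]),
        "BASISADM": User("BASISADM", ["SM21"], {ADMIN_FAVOURITES}),
    }


def _authenticated(directory: dict[str, User], caller: str) -> None:
    if caller not in directory:
        raise NotAuthorized(f"unknown caller {caller}")


def clear_favourites_vulnerable(directory: dict[str, User], caller: str, target: str) -> None:
    """Checks authentication, then acts on any target. A low-privileged caller
    can wipe every other user's favourites."""
    _authenticated(directory, caller)
    directory[target].favourites.clear()


def clear_favourites_hardened(directory: dict[str, User], caller: str, target: str) -> None:
    """Authentication plus authorization: self-service is always allowed,
    acting on someone else requires the admin authorization."""
    _authenticated(directory, caller)
    if target not in directory:
        raise KeyError(target)
    if caller != target and ADMIN_FAVOURITES not in directory[caller].authorizations:
        raise NotAuthorized(f"{caller} may not modify favourites of {target}")
    directory[target].favourites.clear()


def attempt(handler, caller: str, target: str) -> bool:
    """Run handler on fresh sample data; True if target's favourites were
    cleared, False if the call was refused."""
    directory = make_directory()
    try:
        handler(directory, caller, target)
    except NotAuthorized:
        return False
    return directory[target].favourites == []


if __name__ == "__main__":
    for handler in (clear_favourites_vulnerable, clear_favourites_hardened):
        print(f"{handler.__name__}: BOB clears ALICE ->",
              attempt(handler, "BOB", "ALICE"))
```

The decisive line is the comparison of caller against target before the privileged branch; an RFC function module that omits it is reachable by any user who can call RFC at all, which is why the advisory rates the attacker as low-privileged rather than unauthenticated.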