
CVE-2020-6212
https://notcve.org/view.php?id=CVE-2020-6212
24 Apr 2020 — Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check. • https://launchpad.support.sap.com/#/notes/2864966 • CWE-862: Missing Authorization

CVE-2020-6199
https://notcve.org/view.php?id=CVE-2020-6199
10 Mar 2020 — The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions 100, 101, 102, 103, 104, does not have any authorization check, so an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check. • https://launchpad.support.sap.com/#/notes/2871167 • CWE-862: Missing Authorization

CVE-2020-6188
https://notcve.org/view.php?id=CVE-2020-6188
12 Feb 2020 — VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check. • https://launchpad.support.sap.com/#/notes/2857511 • CWE-862: Missing Authorization

CVE-2019-0386
https://notcve.org/view.php?id=CVE-2019-0386
13 Nov 2019 — Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges. • https://launchpad.support.sap.com/#/notes/2840520 • CWE-862: Missing Authorization

CVE-2019-0325
https://notcve.org/view.php?id=CVE-2019-0325
10 Jul 2019 — SAP ERP HCM (SAP_HRCES), version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. As a result, under certain conditions, a user who once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data. • http://www.securityfocus.com/bid/109075 • CWE-862: Missing Authorization

CVE-2018-2381
https://notcve.org/view.php?id=CVE-2018-2381
14 Feb 2018 — SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30; S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. • http://www.securityfocus.com/bid/103010 • CWE-862: Missing Authorization

CVE-2014-2748
https://notcve.org/view.php?id=CVE-2014-2748
10 Apr 2014 — The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/57741 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-6284
https://notcve.org/view.php?id=CVE-2013-6284
26 Oct 2013 — Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability." • http://scn.sap.com/docs/DOC-8218

CVE-2013-3244
https://notcve.org/view.php?id=CVE-2013-3244
24 Oct 2013 — Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. • http://scn.sap.com/docs/DOC-8218 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2013-3061
https://notcve.org/view.php?id=CVE-2013-3061
01 May 2013 — The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html • CWE-264: Permissions, Privileges, and Access Controls