CVSS: 10.0 EPSS: 61% CPEs: 1 EXPL: 19

24 Apr 2025 — SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries. • https://github.com/rxerium/CVE-2025-31324 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.5 EPSS: 0% CPEs: 1 EXPL: 0

22 Apr 2025 — SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick an authenticated user into sending unintended requests to the server. A GET-based OData function is named in a way that violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability. • https://me.sap.com/notes/3446649 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 EPSS: 0% CPEs: 1 EXPL: 0

22 Apr 2025 — The OData meta-data property of the SAP Field Logistics Manage Logistics application is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker, causing a low impact on the integrity of the application. Confidentiality and availability are not impacted. • https://me.sap.com/notes/3359825 • CWE-472: External Control of Assumed-Immutable Web Parameter

CVSS: 4.3 EPSS: 0% CPEs: 1 EXPL: 0

08 Apr 2025 — The SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which the entity set could be externally modified by an attacker, causing a low impact on the integrity of the application. Confidentiality and availability are not impacted. • https://me.sap.com/notes/3525971 • CWE-472: External Control of Assumed-Immutable Web Parameter

CVSS: 6.6 EPSS: 0% CPEs: 1 EXPL: 0

08 Apr 2025 — Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files, potentially disrupting operations or causing service downtime, leading to a high impact on integrity and availability. However, this vulnerability does not disclose any sensitive data. • https://me.sap.com/notes/3565751 • CWE-277: Insecure Inherited Permissions

CVSS: 4.3 EPSS: 0% CPEs: 14 EXPL: 0

08 Apr 2025 — SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality. • https://me.sap.com/notes/3577131 • CWE-863: Incorrect Authorization

CVSS: 4.4 EPSS: 0% CPEs: 1 EXPL: 0

08 Apr 2025 — Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application. • https://me.sap.com/notes/3558864 • CWE-862: Missing Authorization

CVSS: 10.0 EPSS: 0% CPEs: 1 EXPL: 0

08 Apr 2025 — SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is a high impact on the Confidentiality, Integrity & Availability of the application. • https://me.sap.com/notes/3572688 • CWE-921: Storage of Sensitive Data in a Mechanism without Access Control

CVSS: 4.3 EPSS: 0% CPEs: 2 EXPL: 0

08 Apr 2025 — Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application. • https://me.sap.com/notes/3565944 • CWE-787: Out-of-bounds Write

CVSS: 7.7 EPSS: 0% CPEs: 2 EXPL: 0

08 Apr 2025 — SAP Capital Yield Tax Management has a directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from a directory which they don't have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected. • https://me.sap.com/notes/2927164 • CWE-35: Path Traversal: '.../