CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4139 – Missing Authorization Checks in SAP S/4 HANA (Manage Bank Statement Reprocessing Rules)
https://notcve.org/view.php?id=CVE-2024-4139
14 May 2024 — Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected. Manage Bank Statement ReProcessing Rules no realiza las verificaciones de autorización necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Al explota... • https://me.sap.com/notes/3434666 • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28165 – Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-28165
14 May 2024 — SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application La plataforma SAP Business Objects Business Intelligence es vulnerable al XSS almacenado, lo que permite a un atacante manipular un parámetro en la URL de Opendocument, lo que podría tener un alto impacto en la confidencialidad y la integridad de la aplicación. • https://me.sap.com/notes/3431794 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-33000 – Missing Authorization check in SAP Bank Account Management
https://notcve.org/view.php?id=CVE-2024-33000
14 May 2024 — SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the system. SAP Bank Account Management no realiza la verificación de autorización necesaria para un usuario autorizado, lo que resulta en una escalada de privilegios. Como resultado, tiene un bajo impacto en la confidencialidad del sistema. • https://me.sap.com/notes/3392049 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-33008 – Memory Corruption vulnerability in SAP Replication Server
https://notcve.org/view.php?id=CVE-2024-33008
14 May 2024 — SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system. SAP Replication Server permite a un atacante utilizar una puerta de enlace para ejecutar algunos comandos a RSSD. Esto podría provocar que el servidor de replicación colapse debido a daños en la memoria con un alto impacto en la disponibilidad del sistema. • https://me.sap.com/notes/3349468 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-33007 – Client-side script execution vulnerability in SAP UI5(PDFViewer)
https://notcve.org/view.php?id=CVE-2024-33007
14 May 2024 — PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded in the PDF which can cause a potential security threat. PDFViewer es un control entregado como parte del producto SAPUI5 que muestra el contenido del PDF en modo incrustado de forma predeterminada. Si un documento PDF contiene JavaScript incrustado (o cualqu... • https://me.sap.com/notes/3446076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32731 – Missing Authorization check in SAP My Travel Requests
https://notcve.org/view.php?id=CVE-2024-32731
14 May 2024 — SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application. SAP My Travel Requests no realiza las comprobaciones de autorización necesarias para un usuario autenticado, lo que da lugar a una escalada de privilegios. Si la explotac... • https://me.sap.com/notes/3447467 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32730 – Missing authorization check in SAP Enable Now Manager
https://notcve.org/view.php?id=CVE-2024-32730
26 Apr 2024 — SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the confidentiality of the application. SAP Enable Now Manager no realiza las comprobaciones de autorización necesarias para un usuario autenticado, lo que da lugar a una escalada de privilegios. Si la explotación tiene éxit... • https://me.sap.com/notes/3441944 • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-30218 – Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-30218
09 Apr 2024 — The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. El servidor de aplicaciones ABAP de SAP NetWeaver, así como la plataforma ABAP, permiten a un atacante impedir que usuarios legítimos accedan a un servicio, ya sea bloqueando o inundando el servicio. Esto tiene un impacto considerable en la disponibilidad. The ABAP Applic... • https://me.sap.com/notes/3359778 • CWE-400: Uncontrolled Resource Consumption CWE-605: Multiple Binds to the Same Port •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30215 – Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
https://notcve.org/view.php?id=CVE-2024-30215
09 Apr 2024 — The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. La página Resource Settings permite a un atacante con altos privilegios cargar un payload explotable para almacenarlo y reflejarlo cada vez que un usuario visita la pá... • https://me.sap.com/notes/3421453 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30214 – Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
https://notcve.org/view.php?id=CVE-2024-30214
09 Apr 2024 — The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side. La aplicación permite que un atacante con privilegios elevados agregue un parámetro de consulta GET malicioso a las invocaciones del Servicio, que se reflejan en la respuesta del servidor. En determinadas circunstancias, si el parámetro c... • https://me.sap.com/notes/3421453 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •