CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-45282 – HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)
https://notcve.org/view.php?id=CVE-2024-45282
08 Oct 2024 — Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted. • https://me.sap.com/notes/3251893 • CWE-650: Trusting HTTP Permission Methods on the Server Side •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-41368 – Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps)
https://notcve.org/view.php?id=CVE-2023-41368
12 Sep 2023 — The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call. El servicio OData de S4 HANA (Manage checkbook apps), versiones 102, 103, 104, 105, 106, 107, permite a un atacante cambiar el nombre del checkbook simulando una llamada OData de actualización. • https://me.sap.com/notes/3355675 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2023-41369 – External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application)
https://notcve.org/view.php?id=CVE-2023-41369
12 Sep 2023 — The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser. La aplicación Create Single Payment de SAP S/4HANA - versiones 100, 101, 102, 103, 104, 105, 106, 107, 108, permite a un atacante cargar el archivo XML como datos adjuntos. Cuando se hace clic e... • https://me.sap.com/notes/3369680 • CWE-611: Improper Restriction of XML External Entity Reference •