CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-31589
https://notcve.org/view.php?id=CVE-2022-31589
14 Jun 2022 — Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. Debido a una comprobación inapropiada de la autorización, a los usuarios de la empresa usando el programa Israeli File from SHAAM (transacción /ATL/VQ23), les es concedida más autorización de la necesaria para llevar a cabo determi... • https://launchpad.support.sap.com/#/notes/3203065 • CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-22531
https://notcve.org/view.php?id=CVE-2022-22531
14 Jan 2022 — The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. La aplicación F0743 Create Single Payment de SAP S/4HANA - versiones 100, 101, 102, 103, 104, 105, 106, no comprueba los archivos cargados o descargados. Esto permite a un atacante con derechos de usuario básicos ejecutar... • https://launchpad.support.sap.com/#/notes/3112928 •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-22530
https://notcve.org/view.php?id=CVE-2022-22530
14 Jan 2022 — The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application. La aplicación F0743 Create Single Payment de SAP S/4HANA - versiones 100, 101, 102, 103, 104, 105, 106, no comprueba los archivos cargados o descarga... • https://launchpad.support.sap.com/#/notes/3112928 •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2020-6316
https://notcve.org/view.php?id=CVE-2020-6316
10 Nov 2020 — SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. SAP ERP y SAP S/4 HANA, permiten a un usuario autenticado visualizar los registros de costos de objetos para los que no cuenta con autorización en los reportes de PS, conllevando a una Falta de Comprobación de Autorización • https://launchpad.support.sap.com/#/notes/2944188 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6311
https://notcve.org/view.php?id=CVE-2020-6311
09 Sep 2020 — Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data. Los Servicios Banking de SAP (Bank Analyzer), versión - 500, y SAP S/4HANA para el libro mayor de pr... • https://launchpad.support.sap.com/#/notes/2951325 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6212
https://notcve.org/view.php?id=CVE-2020-6212
24 Apr 2020 — Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check. Los reportes Clearing of Liabilities and Remittance Statement and Summary de retención de impuestos ubicados en Egypt en SAP ERP (versiones 618, 730, EAPPL... • https://launchpad.support.sap.com/#/notes/2864966 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6233
https://notcve.org/view.php?id=CVE-2020-6233
14 Apr 2020 — SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system. SAP S/4 HANA (Financial Products Subledger and Banking Services), versiones - FSAPPL 400, 450, 500 y S4FPSL 100, permite a un usuario autenticado ejecutar un reporte de análisis debido a una Falta de Comprobación de Autorización, resultando en una desaceleración del sistema... • https://launchpad.support.sap.com/#/notes/2904796 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6214
https://notcve.org/view.php?id=CVE-2020-6214
14 Apr 2020 — SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system. SAP S/4HANA (Financial Products Subledger), versión 100, utiliza un objeto de autorización incorrecto en algunos reportes. Aunque los reportes afecta... • https://launchpad.support.sap.com/#/notes/2897612 • CWE-863: Incorrect Authorization •