Filtered by vendor Sap Subscriptions

Search

Switch to Advanced Search (Beta)
Total 1525 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-39591 1 Sap 1 Document Builder 2024-09-12 4.3 Medium
SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application.
CVE-2024-41734 1 Sap 1 Netweaver Application Server Abap 2024-09-12 4.3 Medium
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.
CVE-2024-42373 1 Sap 1 Student Life Cycle Management 2024-09-12 4.3 Medium
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application.
CVE-2024-41732 1 Sap 1 Netweaver Application Server Abap 2024-09-11 4.7 Medium
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application.
CVE-2024-44120 1 Sap 1 Netweaver Enterprise Portal 2024-09-10 4.7 Medium
SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.