Filtered by vendor Sap Subscriptions
Filtered by product S\/4 Hana Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-34691 1 Sap 1 S\/4 Hana 2024-11-21 6.5 Medium
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system.
CVE-2023-41369 1 Sap 1 S\/4 Hana 2024-11-21 3.5 Low
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.
CVE-2023-41368 1 Sap 1 S\/4 Hana 2024-11-21 2.7 Low
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.
CVE-2020-6188 1 Sap 2 Erp, S\/4 Hana 2024-11-21 8.8 High
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
CVE-2020-26832 1 Sap 2 Netweaver Application Server Abap, S\/4 Hana 2024-11-21 7.6 High
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
CVE-2024-45282 1 Sap 1 S\/4 Hana 2024-11-14 4.3 Medium
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.