cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-44113,https://securityvulnerability.io/vulnerability/CVE-2024-44113,Authenticated Attackers Can Access Restricted Information via Missing Authorization Checks,"Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.",SAP,SAP Business Warehouse (bex Analyzer),4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T03:04:28.683Z,0
CVE-2024-39595,https://securityvulnerability.io/vulnerability/CVE-2024-39595,SAP Business Warehouse XSS Vulnerability Allows User-Controlled Modification of Website Content,"SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.",SAP,SAP Business Warehouse - Business Planning And Simulation,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-09T04:13:49.560Z,0
CVE-2024-39594,https://securityvulnerability.io/vulnerability/CVE-2024-39594,SAP Business Warehouse XSS Vulnerability Could Lead to Low-Impact Attacks,"SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application.",SAP,SAP Business Warehouse - Business Planning And Simulation,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-09T04:10:40.727Z,0
CVE-2023-33992,https://securityvulnerability.io/vulnerability/CVE-2023-33992,Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA,"The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the user still needs authorizations on the query as well as on the keyfigure/measure level. The missing check only affects the data level. ",SAP,SAP Business Warehouse And SAP Bw/4hana,4.5,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2023-07-11T03:15:00.000Z,0
CVE-2021-21466,https://securityvulnerability.io/vulnerability/CVE-2021-21466,Code Injection Vulnerability in SAP Business Warehouse and BW/4HANA,"SAP Business Warehouse and BW/4HANA are susceptible to a security vulnerability that enables an attacker with low privileges to inject malicious code using a remote enabled function module. This weakness allows attackers to craft and execute harmful ABAP reports, which can potentially lead to unauthorized access to sensitive information, the execution of damaging UPDATE statements, and disruption of the SAP system's functionality, causing service outages.",SAP,"SAP Business Warehouse,SAP Bw/4hana",9.9,CRITICAL,0.022789999842643738,false,,false,false,false,,,false,false,,2021-01-12T14:42:39.000Z,0
CVE-2021-21465,https://securityvulnerability.io/vulnerability/CVE-2021-21465,SQL Injection Vulnerability in SAP BW Database Interface,"A vulnerability in the SAP BW Database Interface permits an attacker with low privileges to execute arbitrary SQL queries against the backend database. This occurs due to inadequate validation of untrusted input, enabling the attacker to inject malicious SQL commands. If exploited, this vulnerability can compromise the integrity and confidentiality of the data stored in the SAP system, leading to potential unauthorized access and manipulation of sensitive information.",SAP,SAP Business Warehouse,9.9,CRITICAL,0.009399999864399433,false,,false,false,false,,,false,false,,2021-01-12T14:40:57.000Z,0
CVE-2021-21468,https://securityvulnerability.io/vulnerability/CVE-2021-21468,Privilege Escalation Vulnerability in SAP BW Database Interface,"The SAP BW Database Interface contains a vulnerability that allows authenticated users to bypass necessary authorization checks. As a result, they can escalate their privileges and gain unauthorized access to almost any database table. This flaw poses a significant risk to data confidentiality and integrity within the SAP environment, making it essential for organizations to address this security issue promptly.",SAP,SAP Business Warehouse,6.5,MEDIUM,0.0026400000788271427,false,,false,false,false,,,false,false,,2021-01-12T14:40:53.000Z,0
CVE-2020-26838,https://securityvulnerability.io/vulnerability/CVE-2020-26838,Code Injection Vulnerability in SAP Business Warehouse Affecting Multiple Versions,"An authenticated attacker with elevated developer privileges in SAP Business Warehouse can exploit a vulnerability to craft requests that execute arbitrary Operating System commands. This code injection flaw poses significant risks, compromising the confidentiality, integrity, and availability of the affected server and all data and applications running on it. Organizations need to be aware of this vulnerability and take appropriate measures to mitigate potential security breaches.",SAP,"SAP Business Warehouse,SAP Bw4hana",9.1,CRITICAL,0.0011599999852478504,false,,false,false,false,,,false,false,,2020-12-09T16:31:14.000Z,0
CVE-2017-16685,https://securityvulnerability.io/vulnerability/CVE-2017-16685,Cross-Site Scripting Vulnerability in SAP Business Warehouse by SAP,"A Cross-Site Scripting (XSS) vulnerability exists in SAP Business Warehouse Universal Data Integration due to insufficient encoding of user-controlled inputs. This weakness can allow attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions or data exposure. The affected versions range from 7.10 to 7.50, making it imperative for users of this software to apply the necessary patches and updates to mitigate the risk.",SAP,SAP Business Warehouse Universal Data Integration,6.1,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2017-12-12T00:00:00.000Z,0