cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-36924,https://securityvulnerability.io/vulnerability/CVE-2023-36924,Log Injection vulnerability in SAP ERP Defense Forces and Public Security,"While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin privileges to write arbitrary data to the syslog file. On successful exploitation, an attacker could modify all the syslog data causing a complete compromise of integrity of the application.",SAP,SAP ERP Defense Forces and Public Security,4.9,MEDIUM,0.0006699999794363976,false,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0
CVE-2023-24528,https://securityvulnerability.io/vulnerability/CVE-2023-24528,,"SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - version 600, allows an authenticated attacker to exploit a certain misconfigured application endpoint to view sensitive data. This endpoint is normally exposed over the network and successful exploitation can lead to exposure of data like travel documents.",SAP,Fiori apps 1.0 for travel management in SAP ERP (My Travel Requests),6.5,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2023-02-14T04:15:00.000Z,0
CVE-2022-31589,https://securityvulnerability.io/vulnerability/CVE-2022-31589,,"Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.",SAP,"SAP Erp, Localization For Cee Countries.,SAP Financials,SAP S/4hana Core",6.5,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2022-06-14T18:36:39.000Z,0
CVE-2022-22535,https://securityvulnerability.io/vulnerability/CVE-2022-22535,,"SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.",SAP,SAP Erp Hcm (portugal),6.5,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2022-02-09T22:05:21.000Z,0
CVE-2021-42062,https://securityvulnerability.io/vulnerability/CVE-2021-42062,,"SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.",SAP,SAP Erp Hcm Portugal,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-11-10T15:30:39.000Z,0
CVE-2021-38164,https://securityvulnerability.io/vulnerability/CVE-2021-38164,,"SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.",SAP,SAP Erp Financial Accounting (rfopenposting Fr),5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-09-14T11:19:00.000Z,0
CVE-2021-27605,https://securityvulnerability.io/vulnerability/CVE-2021-27605,,"SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last name, first name of the employees, so there is some loss of confidential information, Integrity and Availability are not impacted.",SAP,SAP Fiori Apps 2.0 For Travel Management In SAP Erp,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-04-13T18:44:13.000Z,0
CVE-2020-26807,https://securityvulnerability.io/vulnerability/CVE-2020-26807,,"SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder.",SAP,SAP Erp Client For E-bilanz 1.0,4.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2020-11-10T16:20:55.000Z,0
CVE-2020-6316,https://securityvulnerability.io/vulnerability/CVE-2020-6316,,"SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.",SAP,"SAP Erp,SAP S/4 Hana",4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-11-10T16:11:29.000Z,0
CVE-2020-6301,https://securityvulnerability.io/vulnerability/CVE-2020-6301,,"SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.",SAP,SAP Erp (hcm Travel Management),5.4,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2020-08-12T13:50:55.000Z,0
CVE-2020-6268,https://securityvulnerability.io/vulnerability/CVE-2020-6268,,"Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.",SAP,SAP Erp (statutory Reporting For Insurance Companies),5.4,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2020-06-10T12:35:27.000Z,0
CVE-2020-6212,https://securityvulnerability.io/vulnerability/CVE-2020-6212,,"Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.",SAP,"SAP Erp,SAP S/4 Hana",5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-04-24T23:15:00.000Z,0
CVE-2020-6199,https://securityvulnerability.io/vulnerability/CVE-2020-6199,,"The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.",SAP,"SAP Erp (eappglo),SAP Erp (SAP Fin),SAP S/4hana (s4core)",5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-03-10T20:18:38.000Z,0
CVE-2020-6188,https://securityvulnerability.io/vulnerability/CVE-2020-6188,,"VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.",SAP,"SAP Erp (SAP Appl),SAP Erp (SAP Fin),SAP S/4 Hana (s4core)",6.3,MEDIUM,0.0010400000028312206,false,false,false,false,,false,false,2020-02-12T19:46:09.000Z,0
CVE-2019-0386,https://securityvulnerability.io/vulnerability/CVE-2019-0386,,"Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.",SAP,"SAP Erp Sales (SAP Appl),S4hana Sales (s4core)",6.3,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2019-11-13T22:18:40.000Z,0
CVE-2019-0325,https://securityvulnerability.io/vulnerability/CVE-2019-0325,,"SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions, the user that once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data.",SAP,SAP Erp Hcm (SAP Hrces),4.2,MEDIUM,0.0010999999940395355,false,false,false,false,,false,false,2019-07-10T19:04:13.000Z,0
CVE-2018-2474,https://securityvulnerability.io/vulnerability/CVE-2018-2474,,"SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection.",SAP,"SAP Fiori 1.0 For SAP Erp Hcm (approve Leave Request, Version 2)",6.5,MEDIUM,0.0015699999639764428,false,false,false,false,,false,false,2018-10-09T13:00:00.000Z,0
CVE-2018-2381,https://securityvulnerability.io/vulnerability/CVE-2018-2381,,"SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.",SAP,SAP Erp Financials Information System,8.8,HIGH,0.002259999979287386,false,false,false,false,,false,false,2018-02-14T12:00:00.000Z,0