cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-45282,https://securityvulnerability.io/vulnerability/CVE-2024-45282,Integrity Violations in Read-Only Fields,"Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.",SAP,SAP S/4 Hana (manage Bank Statements),5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-10-08T03:21:33.330Z,0
CVE-2024-45277,https://securityvulnerability.io/vulnerability/CVE-2024-45277,HANA Client Package Affected by Prototype Pollution Vulnerability,The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. This is due to improper user input sanitation when using the nestTables feature causing low impact on the availability of the application. This has no impact on Confidentiality and Integrity.,SAP,SAP Hana Client,4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2024-10-08T03:21:16.236Z,0
CVE-2024-44121,https://securityvulnerability.io/vulnerability/CVE-2024-44121,SAP S/4HANA Vulnerability Could Expose Internal User Data,Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and availability of the application,SAP,SAP S/4 Hana (statutory Reports),4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-10T04:28:07.353Z,0
CVE-2024-4138,https://securityvulnerability.io/vulnerability/CVE-2024-4138,Unauthorized Access to Rule Management,"Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can enable/disable the sharing rule of other users affecting the integrity of the application. Confidentiality and Availability are not affected.",SAP,SAP S/4 Hana (manage Bank Statement Reprocessing Rules),4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T03:53:10.737Z,0
CVE-2024-4139,https://securityvulnerability.io/vulnerability/CVE-2024-4139,Unauthorized Rule Deletion Vulnerability,"Manage Bank Statement ReProcessing Rules does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can delete rules of other users affecting the integrity of the application. Confidentiality and Availability are not affected.",SAP,SAP S/4 Hana (manage Bank Statement Reprocessing Rules),4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T03:51:31.364Z,0
CVE-2024-30217,https://securityvulnerability.io/vulnerability/CVE-2024-30217,SAP S/4HANA Cash Management Vulnerability: Escalation of Privileges,"Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the application. Confidentiality and Availability are not impacted.",SAP,SAP S/4 Hana (cash Management),4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-09T01:15:00.000Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2022-29614,https://securityvulnerability.io/vulnerability/CVE-2022-29614,,"SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.",SAP,"SAP Netweaver As Abap, As Java, Abap Platform And Hana Database",5,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2022-06-14T18:27:16.000Z,0
CVE-2021-27616,https://securityvulnerability.io/vulnerability/CVE-2021-27616,,"Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.",SAP,"SAP Business One, Version For SAP Hana (cookbooks)",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-05-11T14:19:33.000Z,0
CVE-2021-27614,https://securityvulnerability.io/vulnerability/CVE-2021-27614,,"SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the integrity and availability of the application.",SAP,"SAP Business One, Version For SAP Hana (cookbooks)",7.3,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-05-11T14:19:33.000Z,0
CVE-2021-21484,https://securityvulnerability.io/vulnerability/CVE-2021-21484,,LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.,SAP,SAP Hana,7.7,HIGH,0.0024399999529123306,false,false,false,false,,false,false,2021-03-09T14:11:24.000Z,0
CVE-2021-21474,https://securityvulnerability.io/vulnerability/CVE-2021-21474,,"SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.",SAP,SAP Hana Database,6.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2021-02-09T20:44:04.000Z,0
CVE-2020-26832,https://securityvulnerability.io/vulnerability/CVE-2020-26832,,"SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.",SAP,"SAP Netweaver As Abap (SAP Landscape Transformation),SAP S4 Hana (SAP Landscape Transformation)",7.6,HIGH,0.00394000019878149,false,false,false,false,,false,false,2020-12-09T16:31:03.000Z,0
CVE-2020-26834,https://securityvulnerability.io/vulnerability/CVE-2020-26834,,"SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.",SAP,SAP Hana Database,4.2,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-12-09T16:30:45.000Z,0
CVE-2020-26808,https://securityvulnerability.io/vulnerability/CVE-2020-26808,,"SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application.",SAP,"SAP As Abap(dmis),SAP S4 Hana(dmis)",9.1,CRITICAL,0.026119999587535858,false,false,false,false,,false,false,2020-11-10T16:12:24.000Z,0
CVE-2020-6316,https://securityvulnerability.io/vulnerability/CVE-2020-6316,,"SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.",SAP,"SAP Erp,SAP S/4 Hana",4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-11-10T16:11:29.000Z,0
CVE-2020-6273,https://securityvulnerability.io/vulnerability/CVE-2020-6273,,"SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.",SAP,SAP S/4 Hana (fiori Ui For General Ledger Accounting),4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-08-12T13:19:40.000Z,0
CVE-2020-6212,https://securityvulnerability.io/vulnerability/CVE-2020-6212,,"Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.",SAP,"SAP Erp,SAP S/4 Hana",5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-04-24T23:15:00.000Z,0
CVE-2020-6233,https://securityvulnerability.io/vulnerability/CVE-2020-6233,,"SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.",SAP,"SAP S/4 Hana (financial Products Subledger And Banking Services) (fSAPpl),SAP S/4 Hana (financial Products Subledger And Banking Services) (s4fpsl)",4.3,MEDIUM,0.0007200000109151006,false,false,false,false,,false,false,2020-04-14T18:34:47.000Z,0
CVE-2020-6188,https://securityvulnerability.io/vulnerability/CVE-2020-6188,,"VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.",SAP,"SAP Erp (SAP Appl),SAP Erp (SAP Fin),SAP S/4 Hana (s4core)",6.3,MEDIUM,0.0010400000028312206,false,false,false,false,,false,false,2020-02-12T19:46:09.000Z,0
CVE-2019-0350,https://securityvulnerability.io/vulnerability/CVE-2019-0350,,"SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service",SAP,SAP Hana Database,7.5,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2019-11-04T14:33:20.000Z,0
CVE-2019-0357,https://securityvulnerability.io/vulnerability/CVE-2019-0357,,"The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system ""root"" privileges.",SAP,SAP Hana,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2019-09-10T16:48:14.000Z,0
CVE-2019-0364,https://securityvulnerability.io/vulnerability/CVE-2019-0364,,"Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports.",SAP,SAP Hana Extended Application Services,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2019-09-10T16:13:22.000Z,0
CVE-2019-0363,https://securityvulnerability.io/vulnerability/CVE-2019-0363,,"Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to overload the server or retrieve information about internal network ports.",SAP,SAP Hana Extended Application Services,7.1,HIGH,0.0008099999977275729,false,false,false,false,,false,false,2019-09-10T16:11:19.000Z,0