Business%20Planning%20and%20Consolidation

Business Planning and Consolidation

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2023-23851

Assigner-SAP SE

View Details

Assigner-SAP SE

CVSS Score-5.4||MEDIUM

EPSS-0.16% / 36.98%

7 Day CHG~0.00%

Published-14 Feb, 2023 | 03:11

Updated-21 Mar, 2025 | 14:04

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system.

Vendor-SAP SE

Product-business_planning_and_consolidation Business Planning and Consolidation

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2022-41268

Assigner-SAP SE

View Details

Assigner-SAP SE

CVSS Score-8.5||HIGH

EPSS-0.21% / 43.08%

7 Day CHG~0.00%

Published-13 Dec, 2022 | 02:52

Updated-22 Apr, 2025 | 14:20

In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data.

Vendor-SAP SE

Product-business_planning_and_consolidation Business Planning and Consolidation

CWE ID-CWE-269

Improper Privilege Management