Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

SAP S/4HANA

Source -

CNA

CNA CVEs -

6

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
6Vulnerabilities found
CVE-2022-32248
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.48%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:27
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data.

Action-Not Available
Vendor-SAP SE
Product-s\/4hanaSAP S/4HANA
CWE ID-CWE-20
Improper Input Validation
CVE-2022-31597
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 35.26%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:27
Updated-03 Aug, 2024 | 07:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.

Action-Not Available
Vendor-SAP SE
Product-sapscores\/4hanaSAP S/4HANA
CWE ID-CWE-862
Missing Authorization
CVE-2022-22531
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-8.1||HIGH
EPSS-0.37% / 58.20%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:11
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.

Action-Not Available
Vendor-SAP SE
Product-s\/4hanaSAP S/4HANA
CVE-2022-22530
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-8.1||HIGH
EPSS-0.49% / 64.40%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:11
Updated-03 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.

Action-Not Available
Vendor-SAP SE
Product-s\/4hanaSAP S/4HANA
CVE-2021-33701
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-9.1||CRITICAL
EPSS-1.52% / 80.49%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 18:01
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.

Action-Not Available
Vendor-SAP SE
Product-s4coredmissapscoreDMIS Mobile Plug-InSAP S/4HANA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-38176
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-9.9||CRITICAL
EPSS-0.72% / 71.59%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 11:19
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.

Action-Not Available
Vendor-SAP SE
Product-landscape_transformations\/4hanalandscape_transformation_replication_servertest_data_migration_serverSAP Test Data Migration ServerSAP LT Replication ServerSAP LTRS for S/4HANASAP Landscape TransformationSAP S/4HANA
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')