Vulmon
sap privileges vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-29186
In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially...
Sap Netweaver 707
Sap Netweaver 737
Sap Netweaver 747
Sap Netweaver 757
8.8
CVSSv3
CVE-2021-38176
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat...
Sap Landscape Transformation Replication Server 1.0
Sap S/4hana 1511
Sap S/4hana 1610
Sap S/4hana 1709
Sap S/4hana 1809
Sap S/4hana 1909
Sap S/4hana 2020
Sap S/4hana 2021
Sap Landscape Transformation 2.0
Sap Landscape Transformation Replication Server 2.0
Sap Landscape Transformation Replication Server 3.0
Sap Test Data Migration Server 4.0
8.8
CVSSv3
CVE-2021-40502
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to.
Sap Commerce 1905.34
Sap Commerce 2005.18
Sap Commerce 2011.13
Sap Commerce 2105.3
8.8
CVSSv3
CVE-2022-29611
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Sap Netweaver Application Server Abap 702
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 752
Sap Netweaver Application Server Abap 753
Sap Netweaver Application Server Abap 754
Sap Netweaver Application Server Abap 755
Sap Netweaver Application Server Abap 756
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 710
Sap Netweaver Application Server Abap 787
Sap Netweaver Application Server Abap 788
Sap Netweaver Application Server Abap 701
Sap Netweaver Application Server Abap 711
Sap Netweaver Application Server Abap 730
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 751
7.2
CVSSv3
CVE-2024-21735
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, whi...
Sap Lt Replication Server S4core 104
Sap Lt Replication Server S4core 105
Sap Lt Replication Server S4core 106
Sap Lt Replication Server S4core 107
Sap Lt Replication Server S4core 108
Sap Lt Replication Server S4core 103
8.1
CVSSv3
CVE-2020-6301
SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized malicious user to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.
Sap Hcm Travel Management 600
Sap Hcm Travel Management 602
Sap Hcm Travel Management 603
Sap Hcm Travel Management 604
Sap Hcm Travel Management 605
Sap Hcm Travel Management 606
Sap Hcm Travel Management 607
Sap Hcm Travel Management 608
9.8
CVSSv3
CVE-2023-50423
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Sap Sap-xssec
9.8
CVSSv3
CVE-2023-49583
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Sap @sap/xssec
1 Article
NA
CVE-2003-0938
vos24u.c in SAP database server (SAP DB) 7.4.03.27 and previous versions allows local users to gain SYSTEM privileges via a malicious "NETAPI32.DLL" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLA...
Sap Sap Db
2.7
CVSSv3
CVE-2020-6280
SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.
Sap Abap Platform 7.50
Sap Abap Platform 7.40
Sap Abap Platform 7.31
Sap Netweaver Application Server Abap 750
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
1 Article