sap vulnerabilities and exploits
NA
CVE-2024-21735
SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, whi...
Sap Lt Replication Server S4core 104
Sap Lt Replication Server S4core 105
Sap Lt Replication Server S4core 106
Sap Lt Replication Server S4core 107
Sap Lt Replication Server S4core 108
Sap Lt Replication Server S4core 103
NA
CVE-2023-50424
SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the...
Sap Cloud-security-client-go
NA
CVE-2023-49584
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows a malicious user to use the HTTP verb POST on a read-only service, causing low impact on Confidentiality of the application.
Sap Fiori Launchpad 754
Sap Fiori Launchpad 750
Sap Fiori Launchpad 755
Sap Fiori Launchpad 756
Sap Fiori Launchpad 757
Sap Fiori Launchpad 758
Sap Fiori Launchpad 700
Sap Fiori Launchpad 200
Sap Fiori Launchpad 793
NA
CVE-2023-50423
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Sap Sap-xssec
NA
CVE-2023-49577
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact ...
Sap Human Capital Management S4hcmcie 100
Sap Human Capital Management Sap Hrcie 600
Sap Human Capital Management Sap Hrcie 604
Sap Human Capital Management Sap Hrcie 608
NA
CVE-2023-49578
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform a Denial of Service attack from an adjacent UI by sending a malicious request, which leads to low impact on the availability and no impact on the confidentiality or integrity of the application.
Sap Cloud Connector 2.0
NA
CVE-2023-49580
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated malicious user to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthent...
Sap Graphical User Interface Sap Basis 755
Sap Graphical User Interface Sap Basis 756
Sap Graphical User Interface Sap Basis 757
Sap Graphical User Interface Sap Basis 758
NA
CVE-2023-49581
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated malicious user to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated malicious user to write data to a database table. By doing so th...
Sap Netweaver Application Server Abap 700
Sap Netweaver Application Server Abap 731
Sap Netweaver Application Server Abap 740
Sap Netweaver Application Server Abap 750
NA
CVE-2023-49583
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Sap @sap/xssec
1 Article
NA
CVE-2023-49587
SAP Solution Manager - version 720, allows an authorized malicious user to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.
Sap Solution Manager 720