VYPR

SAP Business Warehouse

by SAP

CVEs (11)

  • CVE-2020-26838CriDec 9, 2020
    risk 0.59cvss 9.1epss 0.02

    SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any…

  • CVE-2021-21466HigJan 12, 2021
    risk 0.57cvss 8.8epss 0.03

    SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious…

  • CVE-2025-42983HigJun 10, 2025
    risk 0.55cvss 8.5epss 0.00

    SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is…

  • CVE-2025-42952HigJul 8, 2025
    risk 0.50cvss 7.7epss 0.00

    SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short…

  • CVE-2025-42962MedJul 8, 2025
    risk 0.40cvss 6.1epss 0.00

    SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and…

  • CVE-2024-39594MedJul 9, 2024
    risk 0.40cvss 6.1epss 0.00

    SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and…

  • CVE-2025-25244MedMar 11, 2025
    risk 0.37cvss 5.7epss 0.00

    SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding…

  • CVE-2024-39595MedJul 9, 2024
    risk 0.35cvss 5.4epss 0.00

    SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an…

  • CVE-2023-33992MedJul 11, 2023
    risk 0.29cvss 4.5epss 0.00

    The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose unauthorized cell values to the data response. To be able to exploit this, the…

  • CVE-2025-42960MedJul 8, 2025
    risk 0.28cvss 4.3epss 0.00

    SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact…

  • CVE-2024-44113MedSep 10, 2024
    risk 0.28cvss 4.3epss 0.00

    Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on…