ERP Central Component
by SAP
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0503 | Med | 0.42 | 6.4 | 0.00 | Jan 13, 2026 | Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful… | ||
| CVE-2015-3621 | 0.00 | — | 0.02 | Jul 16, 2015 | Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program. | |||
| CVE-2013-6284 | 0.00 | — | 0.02 | Oct 26, 2013 | Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability." | |||
| CVE-2013-3244 | 0.00 | — | 0.02 | Oct 24, 2013 | Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request. | |||
| CVE-2013-3061 | 0.00 | — | 0.02 | May 1, 2013 | The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via… |
- risk 0.42cvss 6.4epss 0.00
Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful…
- CVE-2015-3621Jul 16, 2015risk 0.00cvss —epss 0.02
Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program.
- CVE-2013-6284Oct 26, 2013risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."
- CVE-2013-3244Oct 24, 2013risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
- CVE-2013-3061May 1, 2013risk 0.00cvss —epss 0.02
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via…