VYPR

S/4HANA

by SAP

CVEs (33)

  • CVE-2025-42967 | Critical | Jul 8, 2025
    risk 0.65 | cvss 9.9 | epss 0.01

    SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own code potentially gaining full control of the affected SAP system causing high impact on…

  • CVE-2026-0501 | Critical | Jan 13, 2026
    risk 0.64 | cvss 9.9 | epss 0.00

    Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity,…

  • CVE-2025-42957 | Critical | Aug 12, 2025
    risk 0.64 | cvss 9.9 | epss 0.02

    SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a…

  • CVE-2025-27429 | Critical | Apr 8, 2025
    risk 0.64 | cvss 9.9 | epss 0.01

    SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a…

  • CVE-2021-33701 | Critical | Sep 15, 2021
    risk 0.59 | cvss 9.1 | epss 0.02

    DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute…

  • CVE-2025-43010 | High | May 13, 2025
    risk 0.54 | cvss 8.3 | epss 0.00

    SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack…

  • CVE-2022-22531 | High | Jan 14, 2022
    risk 0.53 | cvss 8.1 | epss 0.01

    The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed…

  • CVE-2022-22530 | High | Jan 14, 2022
    risk 0.53 | cvss 8.1 | epss 0.01

    The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical…

  • CVE-2025-42946 | Medium | Aug 12, 2025
    risk 0.45 | cvss 6.9 | epss 0.01

    Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This…

  • CVE-2026-44744 | Medium | Jun 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    SAP S/4HANA (On-Premise) contains a SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries. This flaw exposes sensitive information to which they should not…

  • CVE-2023-35870 | Medium | Jul 11, 2023
    risk 0.41 | cvss 6.3 | epss 0.00

    When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a…

  • CVE-2024-42378 | Medium | Sep 10, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it…

  • CVE-2023-40306 | Medium | Sep 8, 2023
    risk 0.40 | cvss 6.1 | epss 0.00

    SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity.

  • CVE-2020-6184 | Medium | Feb 12, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

  • CVE-2022-31597 | Medium | Jul 12, 2022
    risk 0.35 | cvss 5.4 | epss 0.00

    Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of…

  • CVE-2020-6199 | Medium | Mar 10, 2020
    risk 0.35 | cvss 5.4 | epss 0.00

    The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker…

  • CVE-2020-6185 | Medium | Feb 12, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.

  • CVE-2022-32248 | Medium | Jul 12, 2022
    risk 0.34 | cvss 5.3 | epss 0.01

    Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - versions 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data.

  • CVE-2020-6214 | Medium | Apr 14, 2020
    risk 0.31 | cvss 4.7 | epss 0.01

    SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change,…

  • CVE-2025-42939 | Medium | Oct 14, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering with the request parameter. Due to a missing authorization check, the attacker can delete shared rule…

Page 1 of 2