VYPR

S/4HANA

by SAP

CVEs (33)

  • CVE-2025-27436 | Med | Mar 11, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a…

  • CVE-2025-27433 | Med | Mar 11, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on…

  • CVE-2024-44121 | Med | Sep 10, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal user data that should remain confidential. It does not impact the integrity and…

  • CVE-2024-30217 | Med | Apr 9, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the…

  • CVE-2024-30216 | Med | Apr 9, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can add notes in the review request with 'completed' status affecting the integrity of…

  • CVE-2023-42475 | Med | Oct 10, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    The Statutory Reporting application has a vulnerable file storage location, potentially enabling a low-privileged attacker to read server files with minimal impact on confidentiality.

  • CVE-2023-41369 | Low | Sep 12, 2023
    risk 0.23 | cvss 3.5 | epss 0.00

    The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload an XML file as an attachment. When the XML file is clicked in the attachment section, the file gets opened in the browser to cause…

  • CVE-2025-42909 | Low | Oct 14, 2025
    risk 0.20 | cvss 3.0 | epss 0.00

    SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and…

  • CVE-2026-24314 | Feb 24, 2026
    risk 0.00 | cvss | epss 0.00

    Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which would otherwise be restricted. This could cause low impact on confidentiality of the application while integrity and availability are not impacted.

  • CVE-2026-0488 | Feb 10, 2026
    risk 0.00 | cvss | epss 0.00

    An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database…

  • CVE-2026-0484 | Feb 10, 2026
    risk 0.00 | cvss | epss 0.00

    Due to a missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no…

  • CVE-2026-0498 | Jan 13, 2026
    risk 0.00 | cvss | epss 0.00

    SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks.…

  • CVE-2024-34691 | Jun 11, 2024
    risk 0.00 | cvss | epss 0.00

    Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system.
