Security Advisories  

Description
[CVE-2023-42480] Information Disclosure in NetWeaver AS Java Logon

Description
[CVE-2023-31403] Improper Access Control vulnerability in SAP Business One product installation

Description
[CVE-2023-41366] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
Update 1 to Security Note 3324732: [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

Description
[CVE-2023-42477] Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)

Description
[CVE-2023-42474] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence

Description
[CVE-2023-41365] Information Disclosure vulnerability in SAP Business One (B1i)

Description
[CVE-2023-40310] Missing XML Validation vulnerability in SAP PowerDesigner Client (BPMN2 import)

Description
[CVE-2023-42475] Information Disclosure Vulnerability in Statutory Reporting

Description
[CVE-2023-40309] Missing Authorization check in SAP CommonCryptoLib

Description
[CVE-2023-40622] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)

Description
[CVE-2023-41368] Insecure Direct Object Reference (IDOR) vulnerability in SAP S/4HANA (Manage checkbook apps)

Description
[CVE-2023-40621] Code Injection vulnerability in SAP PowerDesigner Client

Description
[CVE-2023-40623] Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)

Description
[CVE-2023-40308] Memory Corruption vulnerability in SAP CommonCryptoLib

Description
[CVE-2023-41369] External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application)

Description
[CVE-2023-41367] Missing Authentication check in SAP NetWeaver (Guided Procedures)

Description
[CVE-2023-42472] Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)

Description
[CVE-2023-40624] Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)

Description
[CVE-2023-40625] Missing Authorization check in Manage Purchase Contracts App

Description
[CVE-2023-37489] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Description
Denial of service (DOS) vulnerability due to the usage of vulnerable version of Commons File Upload in SAP Quotation Management Insurance (FS-QUO)

Description
[CVE-2023-37486] Information Disclosure vulnerability in SAP Commerce (OCC API)

Description
[CVE-2023-37483] Multiple Vulnerabilities in SAP PowerDesigner

Description
[CVE-2023-39437] Cross-Site Scripting (XSS) vulnerability in SAP Business One

Description
[CVE-2023-39436] Information Disclosure in SAP Supplier Relationship Management

Description
[CVE-2023-33993] SQL Injection vulnerability in SAP Business One (B1i Layer)

Description
[CVE-2023-39440] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
Switchable authorization checks for RFC in SRM

Description
[CVE-2023-36923] Code Injection vulnerability in SAP PowerDesigner

Description
[CVE-2023-37490] Binary hijack in SAP BusinessObjects Business Intelligence Suite (installer)

Description
[CVE-2023-37488] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration

Description
[CVE-2023-37491] Improper Authorization check vulnerability in SAP Message Server

Description
[CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Description
[CVE-2023-37487] Security Misconfiguration vulnerability in SAP Business One (Service Layer)

Description
[CVE-2023-39439] Improper authentication in SAP Commerce Cloud

Description
[CVE-2023-40306] URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)

Description
[CVE-2023-37492] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
Cross-Site Scripting (XSS) vulnerabilities in jQuery-UI library bundled with SAPUI5

Description
[CVE-2023-36926] Information disclosure vulnerability in SAP Host Agent

Description
Denial of Service (DoS) vulnerability due to the usage of vulnerable version of Commons FileUpload in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere

Description
[CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent)

Description
[CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench)

Description
[CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)

Description
[CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher

Description
[CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent)

Description
[Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now

Description
[CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

Description
[CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

Description
[CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security

Description
[CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)

Description
[CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher

Description
[CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)

Description
[CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-33984] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Design Time Repository)

Description
Update 1 to security note 3315971 - [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-32114] Denial of Service in SAP NetWeaver (Change and Transport System)

Description
[CVE-2023-33985] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Enterprise Portal)

Description
[CVE-2023-33991] Stored Cross-Site Scripting vulnerability in SAP UI5 (Variant Management)

Description
[CVE-2023-33986] Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management)

Description
[CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing

Description
[CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)

Description
[CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA

Description
Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager

Description
Information Disclosure vulnerability in SAP Commerce (Backoffice)

Description
[CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console)

Description
[CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

Description
[CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy)

Description
[CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel

Description
[CVE-2023-30743] Improper Neutralization of Input in SAPUI5

Description
Denial of service (DOS) in SAP Commerce

Description
[CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy

Description
[CVE-2023-27897] Code Injection vulnerability in SAP CRM

Description
[CVE-2023-29109] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-1903] Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)

Description
[CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service

Description
[CVE-2023-28763] - Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-27499] Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML

Description
[CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management )

Description
[CVE-2023-29189] HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)

Description
Remote Code Execution vulnerability in SAP Commerce

Description
[CVE-2023-29185] Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)

Description
[CVE-2023-29108] IP filter vulnerability in ABAP Platform and SAP Web Dispatcher

Description
[CVE-2023-29110] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-28761] Missing Authentication check in SAP NetWeaver Enterprise Portal

Description
[CVE-2023-29187] DLL Hijacking vulnerability in SapSetup (Software Installation Program)

Description
[CVE-2023-29112] Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)

Description
[CVE-2023-26458] Information Disclosure vulnerability in SAP Landscape Management

Description
[CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector)

Description
[CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)

Description
[CVE-2023-29186] Directory Traversal vulnerability in SAP NetWeaver ( BI CONT ADD ON)

Description
[CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal)

Description
[CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

Description
[Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)

Description
[CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform

Description
[CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

Description
[CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service)

Description
[CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL

Description
[CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android

Description
[CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

Description
[CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server

Description
[CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)

Description
[CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java

Description
[CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)

Description
[CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)

Description
[CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)

Description
[CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2

Description
[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation

Description
[CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface

Description
[CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)

Description
[CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager

Description
[CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data

Description
[CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)

Description
[CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)

Description
[CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java

Description
[CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)

Description
[CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)

Description
[CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)

Description
[CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
[CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS

Description
[CVE-2022-41264] Code Injection vulnerability in SAP BASIS

Description
[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)

Description
[CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)

Description
Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)

Description
[CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)

Description
[CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management

Description
[CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management

Description
[CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform