Security Advisories  

Description
[CVE-2023-40623] Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)

Description
Denial of service (DOS) vulnerability due to the usage of vulnerable version of Commons File Upload in SAP Quotation Management Insurance (FS-QUO)

Description
[CVE-2023-40308] Memory Corruption vulnerability in SAP CommonCryptoLib

Description
[CVE-2023-40622] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)

Description
[CVE-2023-40309] Missing Authorization check in SAP CommonCryptoLib

Description
[CVE-2023-40625] Missing Authorization check in Manage Purchase Contracts App

Description
[CVE-2023-40621] Code Injection vulnerability in SAP PowerDesigner Client

Description
[CVE-2023-41369] External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application)

Description
[CVE-2023-41367] Missing Authentication check in SAP NetWeaver (Guided Procedures)

Description
[CVE-2023-37489] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Description
[CVE-2023-42472] Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)

Description
[CVE-2023-40624] Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)

Description
[CVE-2023-41368] Insecure Direct Object Reference (IDOR) vulnerability in SAP S/4HANA (Manage checkbook apps)

Description
[CVE-2023-37487] Security Misconfiguration vulnerability in SAP Business One (Service Layer)

Description
Denial of Service (DoS) vulnerability due to the usage of vulnerable version of Commons FileUpload in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2023-33993] SQL Injection vulnerability in SAP Business One (B1i Layer)

Description
[CVE-2023-36923] Code Injection vulnerability in SAP PowerDesigner

Description
[CVE-2023-36926] Information disclosure vulnerability in SAP Host Agent

Description
Cross-Site Scripting (XSS) vulnerabilities in jQuery-UI library bundled with SAPUI5

Description
[CVE-2023-39439] Improper authentication in SAP Commerce Cloud

Description
[CVE-2023-37492] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-39440] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2023-37491] Improper Authorization check vulnerability in SAP Message Server

Description
[CVE-2023-39436] Information Disclosure in SAP Supplier Relationship Management

Description
Switchable authorization checks for RFC in SRM

Description
[CVE-2023-37488] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration

Description
[CVE-2023-37490] Binary hijack in SAP BusinessObjects Business Intelligence Suite (installer)

Description
[CVE-2023-40306] URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)

Description
[CVE-2023-37483] Multiple Vulnerabilities in SAP PowerDesigner

Description
[CVE-2023-39437] Cross-Site Scripting (XSS) vulnerability in SAP Business One

Description
[CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Description
[CVE-2023-37486] Information Disclosure vulnerability in SAP Commerce (OCC API)

Description
[CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)

Description
[CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security

Description
[Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now

Description
[CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)

Description
[CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent)

Description
[CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere

Description
[CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)

Description
[CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher

Description
[CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

Description
[CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

Description
[CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench)

Description
[CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent)

Description
[CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher

Description
[CVE-2023-33984] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Design Time Repository)

Description
[CVE-2023-32114] Denial of Service in SAP NetWeaver (Change and Transport System)

Description
Update 1 to security note 3315971 - [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-33985] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Enterprise Portal)

Description
[CVE-2023-33986] Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management)

Description
[CVE-2023-33991] Stored Cross-Site Scripting vulnerability in SAP UI5 (Variant Management)

Description
[CVE-2023-30743] Improper Neutralization of Input in SAPUI5

Description
[CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel

Description
[CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy)

Description
[CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

Description
Information Disclosure vulnerability in SAP Commerce (Backoffice)

Description
[CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console)

Description
[CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)

Description
[CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA

Description
[CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy

Description
Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager

Description
Denial of service (DOS) in SAP Commerce

Description
[CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing

Description
[CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service

Description
[CVE-2023-28763] - Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-29185] Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)

Description
[CVE-2023-29112] Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)

Description
[CVE-2023-26458] Information Disclosure vulnerability in SAP Landscape Management

Description
[CVE-2023-29186] Directory Traversal vulnerability in SAP NetWeaver ( BI CONT ADD ON)

Description
[CVE-2023-29109] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-29110] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-29187] DLL Hijacking vulnerability in SapSetup (Software Installation Program)

Description
[CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management )

Description
[CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector)

Description
[CVE-2023-27499] Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML

Description
[CVE-2023-28761] Missing Authentication check in SAP NetWeaver Enterprise Portal

Description
[CVE-2023-1903] Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)

Description
[CVE-2023-29189] HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-27897] Code Injection vulnerability in SAP CRM

Description
[CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)

Description
Remote Code Execution vulnerability in SAP Commerce

Description
[CVE-2023-29108] IP filter vulnerability in ABAP Platform and SAP Web Dispatcher

Description
[CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform

Description
[CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

Description
[CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal)

Description
[CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

Description
[CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android

Description
[CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL

Description
[CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server

Description
[CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)

Description
[CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)

Description
[CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java

Description
[CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

Description
[CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)

Description
[CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service)

Description
[Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)

Description
[CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)

Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data

Description
[CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager

Description
[CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)

Description
[CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface

Description
[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation

Description
[CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2

Description
[CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)

Description
[CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)

Description
[CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)

Description
[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS

Description
[CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)

Description
[CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java

Description
[CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
[CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)

Description
[CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2022-41275] Offener Redirect in SAP Solutions Manager (Enterprise Search)

Description
[CVE-2022-41271] Improper access control in SAP NetWeaver AS Java (Messaging System)

Description
[CVE-2022-41261] Improper Access Control in SAP Solution Manager (Diagnostic Agent)

Description
[CVE-2022-41264] Code Injection vulnerability in SAP BASIS

Description
Update 1 to Security Note 2872782 - [CVE-2020-6215] URL Redirection vulnerability in SAP NetWeaver AS ABAP (BSP Test Application)

Description
[CVE-2022-41262] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for Java (Http Provider Service)

Description
[CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management

Description
[CVE-2022-41273] URL Redirection vulnerability in SAP Sourcing and SAP Contract Lifecycle Management

Description
[CVE-2022-41267] Server-Side Request Forgery vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2022-41268] Privilege escalation vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2022-41263] Missing authentication check vulnerability in SAP Business Objects Business Intelligence Platform (Web intelligence)

Description
Remote Code Execution vulnerability associated with Apache Commons Text in SAP Commerce

Description
[CVE-2022-41272] Improper access control in SAP NetWeaver AS Java (User Defined Search)

Description
[CVE-2022-41266] Cross-Site Scripting (XSS) vulnerability in SAP Commerce

Description
Insufficient Session Expiration in Central Fiori Launchpad

Description
[CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation

Description
[CVE-2022-41207] URL Redirection vulnerability in SAP Biller Direct

Description
[CVE-2022-41215] URL Redirection vulnerability in SAP NetWeaver ABAP Server and ABAP Platform

Description
[CVE-2022-41259] Denial of service (DOS) in SAP SQL Anywhere

Description
[CVE-2022-41211] Arbitrary Code Execution vulnerability in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer