Security Advisories  

Description
[CVE-2023-31403] Improper Access Control vulnerability in SAP Business One product installation

Description
[CVE-2023-41366] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2023-42480] Information Disclosure in NetWeaver AS Java Logon

Description
[CVE-2023-42477] Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)

Description
[CVE-2023-40310] Missing XML Validation vulnerability in SAP PowerDesigner Client (BPMN2 import)

Description
Update 1 to Security Note 3324732: [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

Description
[CVE-2023-42475] Information Disclosure Vulnerability in Statutory Reporting

Description
[CVE-2023-42474] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence

Description
[CVE-2023-41365] Information Disclosure vulnerability in SAP Business One (B1i)

Description
[CVE-2023-40624] Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)

Description
[CVE-2023-40625] Missing Authorization check in Manage Purchase Contracts App

Description
[CVE-2023-37489] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Description
Denial of service (DOS) vulnerability due to the usage of vulnerable version of Commons File Upload in SAP Quotation Management Insurance (FS-QUO)

Description
[CVE-2023-40622] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)

Description
[CVE-2023-41368] Insecure Direct Object Reference (IDOR) vulnerability in SAP S/4HANA (Manage checkbook apps)

Description
[CVE-2023-40621] Code Injection vulnerability in SAP PowerDesigner Client

Description
[CVE-2023-40623] Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)

Description
[CVE-2023-40308] Memory Corruption vulnerability in SAP CommonCryptoLib

Description
[CVE-2023-40309] Missing Authorization check in SAP CommonCryptoLib

Description
[CVE-2023-41369] External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application)

Description
[CVE-2023-41367] Missing Authentication check in SAP NetWeaver (Guided Procedures)

Description
[CVE-2023-42472] Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)

Description
[CVE-2023-39436] Information Disclosure in SAP Supplier Relationship Management

Description
[CVE-2023-36923] Code Injection vulnerability in SAP PowerDesigner

Description
[CVE-2023-39440] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2023-39439] Improper authentication in SAP Commerce Cloud

Description
[CVE-2023-37487] Security Misconfiguration vulnerability in SAP Business One (Service Layer)

Description
[CVE-2023-37488] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration

Description
[CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Description
[CVE-2023-37490] Binary hijack in SAP BusinessObjects Business Intelligence Suite (installer)

Description
[CVE-2023-37491] Improper Authorization check vulnerability in SAP Message Server

Description
Switchable authorization checks for RFC in SRM

Description
[CVE-2023-37483] Multiple Vulnerabilities in SAP PowerDesigner

Description
[CVE-2023-37486] Information Disclosure vulnerability in SAP Commerce (OCC API)

Description
Denial of Service (DoS) vulnerability due to the usage of vulnerable version of Commons FileUpload in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2023-36926] Information disclosure vulnerability in SAP Host Agent

Description
Cross-Site Scripting (XSS) vulnerabilities in jQuery-UI library bundled with SAPUI5

Description
[CVE-2023-39437] Cross-Site Scripting (XSS) vulnerability in SAP Business One

Description
[CVE-2023-33993] SQL Injection vulnerability in SAP Business One (B1i Layer)

Description
[CVE-2023-37492] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-40306] URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)

Description
[CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent)

Description
[CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent)

Description
[CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)

Description
[CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere

Description
[CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security

Description
[CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)

Description
[CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher

Description
[CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)

Description
[CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench)

Description
[CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

Description
[CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

Description
[Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now

Description
[CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher

Description
Update 1 to security note 3315971 - [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-33985] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Enterprise Portal)

Description
[CVE-2023-32114] Denial of Service in SAP NetWeaver (Change and Transport System)

Description
[CVE-2023-33984] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Design Time Repository)

Description
[CVE-2023-33991] Stored Cross-Site Scripting vulnerability in SAP UI5 (Variant Management)

Description
[CVE-2023-33986] Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management)

Description
[CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)

Description
[CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy

Description
[CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing

Description
[CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel

Description
[CVE-2023-30743] Improper Neutralization of Input in SAPUI5

Description
Denial of service (DOS) in SAP Commerce

Description
Information Disclosure vulnerability in SAP Commerce (Backoffice)

Description
[CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console)

Description
Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager

Description
[CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA

Description
[CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy)

Description
[CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

Description
[CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-1903] Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)

Description
[CVE-2023-29108] IP filter vulnerability in ABAP Platform and SAP Web Dispatcher

Description
[CVE-2023-29185] Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)

Description
Remote Code Execution vulnerability in SAP Commerce

Description
[CVE-2023-29189] HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-27499] Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML

Description
[CVE-2023-28763] - Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service

Description
[CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector)

Description
[CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)

Description
[CVE-2023-27897] Code Injection vulnerability in SAP CRM

Description
[CVE-2023-28761] Missing Authentication check in SAP NetWeaver Enterprise Portal

Description
[CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management )

Description
[CVE-2023-29187] DLL Hijacking vulnerability in SapSetup (Software Installation Program)

Description
[CVE-2023-29110] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-29109] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-29186] Directory Traversal vulnerability in SAP NetWeaver ( BI CONT ADD ON)

Description
[CVE-2023-26458] Information Disclosure vulnerability in SAP Landscape Management

Description
[CVE-2023-29112] Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)

Description
[CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java

Description
[CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)

Description
[CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)

Description
[CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server

Description
[CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL

Description
[CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android

Description
[CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

Description
[CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal)

Description
[CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

Description
[CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)

Description
[CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

Description
[CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform

Description
[Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service)

Description
[CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager

Description
[CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)

Description
[CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)

Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data

Description
[CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)

Description
[CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface

Description
[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation

Description
[CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2

Description
[CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)

Description
[CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)

Description
[CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
[CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)

Description
[CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java

Description
[CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)

Description
[CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)

Description
[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS