Security Advisories  

Description
[CVE-2023-49580] Information disclosure vulnerability in SAP GUI for WIndows and SAP GUI for Java

Description
[CVE-2023-42479] Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct

Description
[CVE-2023-6542] Missing Authorization Check in SAP EMARSYS SDK ANDROID

Description
[CVE-2023-42481] Improper Access Control vulnerability in SAP Commerce Cloud

Description
[CVE-2023-42478] Cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2023-49581] SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2023-42476] Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence

Description
[CVE-2023-49058] Directory Traversal vulnerability in SAP Master Data Governance

Description
[CVE-2023-49577] Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution)

Description
Update 1 to 3350297 - [CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Description
[Multiple CVEs] Escalation of Privileges in SAP Business Technology Platform (BTP) Security Services Integration Libraries

Description
[CVE-2023-49584] Client-Side Desynchronization vulnerability in SAP Fiori Launchpad

Description
[CVE-2023-49587] Command Injection vulnerability in SAP Solution Manager

Description
[CVE-2023-49578] Denial of service (DOS) in SAP Cloud Connector

Description
Denial of service (DoS) vulnerability in JSZip library bundled within SAPUI5

Description
[CVE-2023-42480] Information Disclosure in NetWeaver AS Java Logon

Description
[CVE-2023-31403] Improper Access Control vulnerability in SAP Business One product installation

Description
[CVE-2023-41366] Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Description
[CVE-2023-40310] Missing XML Validation vulnerability in SAP PowerDesigner Client (BPMN2 import)

Description
[CVE-2023-42475] Information Disclosure Vulnerability in Statutory Reporting

Description
[CVE-2023-42477] Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)

Description
[CVE-2023-42474] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Web Intelligence

Description
[CVE-2023-41365] Information Disclosure vulnerability in SAP Business One (B1i)

Description
Update 1 to Security Note 3324732: [CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

Description
[CVE-2023-41369] External Entity Loop vulnerability in SAP S/4HANA (Create Single Payment application)

Description
[CVE-2023-41367] Missing Authentication check in SAP NetWeaver (Guided Procedures)

Description
[CVE-2023-42472] Insufficient File type validation in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)

Description
[CVE-2023-40624] Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)

Description
[CVE-2023-40622] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)

Description
[CVE-2023-40621] Code Injection vulnerability in SAP PowerDesigner Client

Description
[CVE-2023-40625] Missing Authorization check in Manage Purchase Contracts App

Description
[CVE-2023-37489] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)

Description
Denial of service (DOS) vulnerability due to the usage of vulnerable version of Commons File Upload in SAP Quotation Management Insurance (FS-QUO)

Description
[CVE-2023-41368] Insecure Direct Object Reference (IDOR) vulnerability in SAP S/4HANA (Manage checkbook apps)

Description
[CVE-2023-40623] Arbitrary File Delete via Directory Junction in SAP BusinessObjects Suite(installer)

Description
[CVE-2023-40308] Memory Corruption vulnerability in SAP CommonCryptoLib

Description
[CVE-2023-40309] Missing Authorization check in SAP CommonCryptoLib

Description
[CVE-2023-37483] Multiple Vulnerabilities in SAP PowerDesigner

Description
[CVE-2023-39437] Cross-Site Scripting (XSS) vulnerability in SAP Business One

Description
[CVE-2023-33993] SQL Injection vulnerability in SAP Business One (B1i Layer)

Description
[CVE-2023-36923] Code Injection vulnerability in SAP PowerDesigner

Description
[CVE-2023-39440] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2023-39436] Information Disclosure in SAP Supplier Relationship Management

Description
Switchable authorization checks for RFC in SRM

Description
[CVE-2023-37490] Binary hijack in SAP BusinessObjects Business Intelligence Suite (installer)

Description
[CVE-2023-37488] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration

Description
[CVE-2023-37491] Improper Authorization check vulnerability in SAP Message Server

Description
[CVE-2023-36922] OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

Description
[CVE-2023-37487] Security Misconfiguration vulnerability in SAP Business One (Service Layer)

Description
[CVE-2023-39439] Improper authentication in SAP Commerce Cloud

Description
[CVE-2023-37492] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-40306] URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)

Description
Cross-Site Scripting (XSS) vulnerabilities in jQuery-UI library bundled with SAPUI5

Description
[CVE-2023-36926] Information disclosure vulnerability in SAP Host Agent

Description
Denial of Service (DoS) vulnerability due to the usage of vulnerable version of Commons FileUpload in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2023-37486] Information Disclosure vulnerability in SAP Commerce (OCC API)

Description
[CVE-2023-33989] Directory Traversal vulnerability in SAP NetWeaver (BI CONT ADD ON)

Description
[Multiple CVEs] Multiple Vulnerabilities in SAP Enable Now

Description
[CVE-2023-31405] Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

Description
[CVE-2023-35870] Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)

Description
[CVE-2023-33987] Request smuggling and request concatenation vulnerability in SAP Web Dispatcher

Description
[CVE-2023-36921] Header Injection in SAP Solution Manager (Diagnostic Agent)

Description
[CVE-2023-35874] Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-35871] Memory Corruption vulnerability in SAP Web Dispatcher

Description
[CVE-2023-36925] Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent)

Description
[CVE-2023-33992] Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA

Description
[CVE-2023-35873] Missing Authentication check in SAP NetWeaver Process Integration (Runtime Workbench)

Description
[CVE-2023-33990] Denial of service (DOS) vulnerability in SAP SQL Anywhere

Description
[CVE-2023-35872] Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)

Description
[CVE-2023-36924] Log Injection vulnerability in SAP ERP Defense Forces and Public Security

Description
[CVE-2023-36917] Password Change rate limit bypass in SAP BusinessObjects Business Intelligence Platform

Description
[CVE-2023-33984] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Design Time Repository)

Description
[CVE-2023-32114] Denial of Service in SAP NetWeaver (Change and Transport System)

Description
[CVE-2023-33986] Cross-Site Scripting (XSS) vulnerability in SAP CRM ABAP (Grantor Management)

Description
Update 1 to security note 3315971 - [CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-33985] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver (Enterprise Portal)

Description
[CVE-2023-33991] Stored Cross-Site Scripting vulnerability in SAP UI5 (Variant Management)

Description
[CVE-2023-2827] Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital Manufacturing

Description
[CVE-2023-32112] Missing Authorization Check in Vendor Master Hierarchy

Description
Denial of service (DOS) in SAP Commerce

Description
[CVE-2023-30743] Improper Neutralization of Input in SAPUI5

Description
[CVE-2023-29080] Privilege escalation vulnerability in SAP IBP, add-in for Microsoft Excel

Description
[CVE-2023-32111] Memory Corruption vulnerability in SAP PowerDesigner (Proxy)

Description
[CVE-2023-30740] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation

Description
[CVE-2023-29188] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-30742] Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI)

Description
[CVE-2023-30741] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-28764] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-32113] Information Disclosure vulnerability in SAP GUI for Windows

Description
[CVE-2023-31404] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Service)

Description
[CVE-2023-28762] Information Disclosure in SAP BusinessObjects Business Intelligence Platform (Central Management Console)

Description
Information Disclosure vulnerability in SAP Commerce (Backoffice)

Description
Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager

Description
[CVE-2023-30744] Improper access control during application start-up in SAP AS NetWeaver JAVA

Description
[CVE-2023-31406] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)

Description
[CVE-2023-29111] Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)

Description
[CVE-2023-27897] Code Injection vulnerability in SAP CRM

Description
[CVE-2023-1903] Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)

Description
[CVE-2023-28765] Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management )

Description
[CVE-2023-29187] DLL Hijacking vulnerability in SapSetup (Software Installation Program)

Description
[CVE-2023-27497] Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector)

Description
[CVE-2023-29110] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-29109] Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)

Description
[CVE-2023-29186] Directory Traversal vulnerability in SAP NetWeaver ( BI CONT ADD ON)

Description
[CVE-2023-26458] Information Disclosure vulnerability in SAP Landscape Management

Description
[CVE-2023-29112] Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)

Description
[CVE-2023-24527] Improper Access Control in SAP NetWeaver AS Java for Deploy Service

Description
[CVE-2023-28763] - Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-27499] Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML

Description
[CVE-2023-29189] HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)

Description
Remote Code Execution vulnerability in SAP Commerce

Description
[CVE-2023-29185] Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)

Description
[CVE-2023-29108] IP filter vulnerability in ABAP Platform and SAP Web Dispatcher

Description
[CVE-2023-28761] Missing Authentication check in SAP NetWeaver Enterprise Portal

Description
[CVE-2023-26457] Cross-Site Scripting (XSS) vulnerability in SAP Content Server

Description
[CVE-2023-27270] Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-27498] Memory Corruption vulnerability in SAPOSCOL

Description
[CVE-2023-27895] Information Disclosure vulnerability in SAP Authenticator for Android

Description
[CVE-2023-27893] Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

Description
[CVE-2023-26461] XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal)

Description
[CVE-2023-25617] OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)

Description
[CVE-2023-25616] Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)

Description
[CVE-2023-27501] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-25615] SQL Injection vulnerability in SAP ABAP Platform

Description
[CVE-2023-27269] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24526] Improper Access Control in SAP NetWeaver AS Java (Classload Service)

Description
[CVE-2023-0021] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver

Description
[Multiple CVEs] Multiple vulnerabilities in the SAP BusinessObjects Business Intelligence platform

Description
[CVE-2023-26459] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-23857] Improper Access Control in SAP NetWeaver AS for Java

Description
[CVE-2023-27500] Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-26460] Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)

Description
[CVE-2023-27268] Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)

Description
[CVE-2023-0020] Information disclosure vulnerability in SAP BusinessObjects Business Intelligence platform

Description
[Multiple CVEs] Multiple vulnerabilities in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24525] Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

Description
[CVE-2023-23855] URL Redirection vulnerability in SAP Solution Manager

Description
[CVE-2023-24528] Missing Authorization Check in SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests)

Description
[CVE-2023-25614] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-23856] Cross-Site Scripting (XSS) vulnerability in Web Intelligence Interface

Description
[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation

Description
[CVE-2023-23852] Cross-Site Scripting (XSS) vulnerability in SAP Solution Manager 7.2

Description
[CVE-2023-0019] Missing Authorization check in SAP GRC (Process Control)

Description
[CVE-2023-23854] Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform

Description
[CVE-2023-0024] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-24530] Unrestricted Upload of File in SAP BusinessObjects Business Intelligence Platform (CMC)

Description
[CVE-2023-24523] Privilege Escalation vulnerability in SAP Host Agent (Start Service)

Description
[CVE-2023-23853] URL Redirection vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

Description
[CVE-2023-23858] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-24522] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-24521] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (BSP Framework)

Description
[CVE-2023-0025] Cross Site Scripting in SAP Solution Manager (BSP Application)

Description
[CVE-2023-24529] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP (Business Server Pages application)

Description
[CVE-2023-24524] Missing Authorization check in SAP S/4 HANA Map Treasury Correspondence Format Data

Description
[CVE-2023-0017] Improper access control in SAP NetWeaver AS for Java

Description
[CVE-2023-0022] Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analysis edition for OLAP)

Description
[CVE-2023-0014] Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0018] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Central management console)

Description
[CVE-2023-0012] Local Privilege Escalation in SAP Host Agent (Windows)

Description
[CVE-2023-0013] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Description
[CVE-2023-0015] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web Intelligence)

Description
[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS

Description
[CVE-2023-0023] Information Disclosure in SAP Bank Account Management (Manage Banks)