Szolgáltatóknak

SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted...

Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only...

An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions....

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing...

SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the...

SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain...

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by...

SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a...

OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on...

The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper...