Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for sapscore by sap

    CVE-2023-29188 (GCVE-0-2023-29188)

    Vulnerability from nvd – Published: 2023-05-09 00:57 – Updated: 2025-01-28 16:13
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
    Summary
    SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: SAPSCORE 129
    Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:15.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T16:13:12.372471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T16:13:33.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAPSCORE 129"
                },
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T00:57:57.055Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-29188",
        "datePublished": "2023-05-09T00:57:57.055Z",
        "dateReserved": "2023-04-03T09:22:43.158Z",
        "dateUpdated": "2025-01-28T16:13:33.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31597 (GCVE-0-2022-31597)

    Vulnerability from nvd – Published: 2022-07-12 20:27 – Updated: 2024-08-03 07:25
    VLAI
    Summary
    Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP S/4HANA Affected: S4CORE 101
    Affected: 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: SAPSCORE 127
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:25:59.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3213826"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP S/4HANA",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CORE 101"
                },
                {
                  "status": "affected",
                  "version": "102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "SAPSCORE 127"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T20:27:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3213826"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-31597",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP S/4HANA",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "S4CORE 101"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "102"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "103"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "104"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "105"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "106"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "SAPSCORE 127"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3213826",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3213826"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-31597",
        "datePublished": "2022-07-12T20:27:00.000Z",
        "dateReserved": "2022-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:25:59.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33701 (GCVE-0-2021-33701)

    Vulnerability from nvd – Published: 2021-09-15 18:01 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection�)
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE DMIS Mobile Plug-In Affected: < DMIS 2011_1_620
    Affected: < 2011_1_640
    Affected: < 2011_1_700
    Affected: < 2011_1_710
    Affected: < 2011_1_730
    Affected: < 710
    Affected: < 2011_1_731
    Affected: < 2011_1_752
    Affected: < 2020
    Create a notification for this product.
    SAP SE SAP S/4HANA Affected: < SAPSCORE 125
    Affected: < S4CORE 102
    Affected: < 102
    Affected: < 103
    Affected: < 104
    Affected: < 105
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3078312"
              },
              {
                "name": "20211214 SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Dec/36"
              },
              {
                "name": "20211214 SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Dec/35"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DMIS Mobile Plug-In",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c DMIS 2011_1_620"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_640"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_710"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 710"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2020"
                }
              ]
            },
            {
              "product": "SAP S/4HANA",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c SAPSCORE 125"
                },
                {
                  "status": "affected",
                  "version": "\u003c S4CORE 102"
                },
                {
                  "status": "affected",
                  "version": "\u003c 102"
                },
                {
                  "status": "affected",
                  "version": "\u003c 103"
                },
                {
                  "status": "affected",
                  "version": "\u003c 104"
                },
                {
                  "status": "affected",
                  "version": "\u003c 105"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\ufffd)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-15T17:06:24.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3078312"
            },
            {
              "name": "20211214 SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Dec/36"
            },
            {
              "name": "20211214 SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Dec/35"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2021-33701",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DMIS Mobile Plug-In",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "DMIS 2011_1_620"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_640"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_710"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "710"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "710"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2020"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP S/4HANA",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "SAPSCORE 125"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "S4CORE 102"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "102"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "103"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "104"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "105"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "9.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\ufffd)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3078312",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3078312"
                },
                {
                  "name": "20211214 SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Dec/36"
                },
                {
                  "name": "20211214 SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Dec/35"
                },
                {
                  "name": "http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-33701",
        "datePublished": "2021-09-15T18:01:55.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:22.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0245 (GCVE-0-2019-0245)

    Vulnerability from nvd – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI (SAPSCORE) Affected: < 1.12
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (S4FND) Affected: < 1.02
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (WEBCUIF) Affected: < 7.31
    Affected: < 7.46
    Affected: < 7.47
    Affected: < 7.48
    Affected: < 8.0
    Affected: < 8.01
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:15.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2588763"
              },
              {
                "name": "106468",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106468"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (S4FND)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (WEBCUIF)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.46"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.47"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.48"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.01"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2588763"
            },
            {
              "name": "106468",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106468"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0245",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (S4FND)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (WEBCUIF)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.46"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.47"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.48"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2588763",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2588763"
                },
                {
                  "name": "106468",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106468"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0245",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:15.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0244 (GCVE-0-2019-0244)

    Vulnerability from nvd – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI (SAPSCORE) Affected: < 1.12
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (S4FND) Affected: < 1.02
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (WEBCUIF) Affected: < 7.31
    Affected: < 7.46
    Affected: < 7.47
    Affected: < 7.48
    Affected: < 8.0
    Affected: < 8.01
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2588763"
              },
              {
                "name": "106473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106473"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (S4FND)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (WEBCUIF)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.46"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.47"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.48"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.01"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2588763"
            },
            {
              "name": "106473",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106473"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (S4FND)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (WEBCUIF)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.46"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.47"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.48"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2588763",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2588763"
                },
                {
                  "name": "106473",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106473"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0244",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2484 (GCVE-0-2018-2484)

    Vulnerability from nvd – Published: 2019-01-08 20:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Enterprise Financial Services (SAPSCORE) Affected: < 1.13
    Affected: < 1.14
    Affected: < 1.15
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (S4CORE) Affected: < 1.01
    Affected: < 1.02
    Affected: < 1.03
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (EA-FINSERV) Affected: < 1.10
    Affected: < 2.0
    Affected: < 5.0
    Affected: < 6.0
    Affected: < 6.03
    Affected: < 6.04
    Affected: < 6.05
    Affected: < 6.06
    Affected: < 6.16
    Affected: < 6.17
    Affected: < 6.18
    Affected: < 8.0
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (Bank/CFM) Affected: < 4.63_20
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:33.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2662687"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              },
              {
                "name": "106477",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Enterprise Financial Services (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.14"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.15"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (S4CORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.01"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.03"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (EA-FINSERV)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 5.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.05"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.06"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.16"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.17"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.18"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (Bank/CFM)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.63_20"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2662687"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            },
            {
              "name": "106477",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106477"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2484",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Enterprise Financial Services (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.13"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.14"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (S4CORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.01"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.03"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (EA-FINSERV)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.10"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "5.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.04"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.05"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.06"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.16"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.17"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.18"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (Bank/CFM)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "4.63_20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2662687",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2662687"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                },
                {
                  "name": "106477",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106477"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2484",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:33.945Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2419 (GCVE-0-2018-2419)

    Vulnerability from nvd – Published: 2018-05-09 20:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Enterprise Financial Services (SAPSCORE) Affected: 1.11
    Affected: 1.12
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (S4CORE) Affected: 1.01
    Affected: 1.02
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (EA-FINSERV) Affected: 6.04
    Affected: 6.05
    Affected: 6.06
    Affected: 6.16
    Affected: 6.17
    Affected: 6.18
    Affected: 8.0
    Create a notification for this product.
    Date Public
    2018-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:33.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
              },
              {
                "name": "104116",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104116"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2596627"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Enterprise Financial Services (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (S4CORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01"
                },
                {
                  "status": "affected",
                  "version": "1.02"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (EA-FINSERV)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.04"
                },
                {
                  "status": "affected",
                  "version": "6.05"
                },
                {
                  "status": "affected",
                  "version": "6.06"
                },
                {
                  "status": "affected",
                  "version": "6.16"
                },
                {
                  "status": "affected",
                  "version": "6.17"
                },
                {
                  "status": "affected",
                  "version": "6.18"
                },
                {
                  "status": "affected",
                  "version": "8.0"
                }
              ]
            }
          ],
          "datePublic": "2018-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
            },
            {
              "name": "104116",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104116"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2596627"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2419",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Enterprise Financial Services (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.11"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (S4CORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.01"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (EA-FINSERV)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.05"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.06"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.16"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.17"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.18"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/",
                  "refsource": "CONFIRM",
                  "url": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
                },
                {
                  "name": "104116",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104116"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2596627",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2596627"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2419",
        "datePublished": "2018-05-09T20:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:33.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29188 (GCVE-0-2023-29188)

    Vulnerability from cvelistv5 – Published: 2023-05-09 00:57 – Updated: 2025-01-28 16:13
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI
    Summary
    SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM WebClient UI Affected: SAPSCORE 129
    Affected: S4FND 102
    Affected: S4FND 103
    Affected: S4FND 104
    Affected: S4FND 105
    Affected: S4FND 106
    Affected: S4FND 107
    Affected: WEBCUIF 701
    Affected: WEBCUIF 731
    Affected: WEBCUIF 746
    Affected: WEBCUIF 747
    Affected: WEBCUIF 748
    Affected: WEBCUIF 800
    Affected: WEBCUIF 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:15.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T16:13:12.372471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-28T16:13:33.060Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM WebClient UI",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAPSCORE 129"
                },
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "S4FND 103"
                },
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "S4FND 105"
                },
                {
                  "status": "affected",
                  "version": "S4FND 106"
                },
                {
                  "status": "affected",
                  "version": "S4FND 107"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 731"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 746"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 747"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 748"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 800"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-05-09T00:57:57.055Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://i7p.wdf.sap.corp/sap/support/notes/3315979"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-29188",
        "datePublished": "2023-05-09T00:57:57.055Z",
        "dateReserved": "2023-04-03T09:22:43.158Z",
        "dateUpdated": "2025-01-28T16:13:33.060Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-31597 (GCVE-0-2022-31597)

    Vulnerability from cvelistv5 – Published: 2022-07-12 20:27 – Updated: 2024-08-03 07:25
    VLAI
    Summary
    Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP S/4HANA Affected: S4CORE 101
    Affected: 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: SAPSCORE 127
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:25:59.513Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3213826"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP S/4HANA",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CORE 101"
                },
                {
                  "status": "affected",
                  "version": "102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "SAPSCORE 127"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-12T20:27:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3213826"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-31597",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP S/4HANA",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "S4CORE 101"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "102"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "103"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "104"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "105"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "106"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "SAPSCORE 127"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-862"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3213826",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3213826"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-31597",
        "datePublished": "2022-07-12T20:27:00.000Z",
        "dateReserved": "2022-05-24T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:25:59.513Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33701 (GCVE-0-2021-33701)

    Vulnerability from cvelistv5 – Published: 2021-09-15 18:01 – Updated: 2024-08-03 23:58
    VLAI
    Summary
    DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection�)
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE DMIS Mobile Plug-In Affected: < DMIS 2011_1_620
    Affected: < 2011_1_640
    Affected: < 2011_1_700
    Affected: < 2011_1_710
    Affected: < 2011_1_730
    Affected: < 710
    Affected: < 2011_1_731
    Affected: < 2011_1_752
    Affected: < 2020
    Create a notification for this product.
    SAP SE SAP S/4HANA Affected: < SAPSCORE 125
    Affected: < S4CORE 102
    Affected: < 102
    Affected: < 103
    Affected: < 104
    Affected: < 105
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:58:22.494Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3078312"
              },
              {
                "name": "20211214 SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Dec/36"
              },
              {
                "name": "20211214 SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Dec/35"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DMIS Mobile Plug-In",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c DMIS 2011_1_620"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_640"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_700"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_710"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_730"
                },
                {
                  "status": "affected",
                  "version": "\u003c 710"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_731"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2011_1_752"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2020"
                }
              ]
            },
            {
              "product": "SAP S/4HANA",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c SAPSCORE 125"
                },
                {
                  "status": "affected",
                  "version": "\u003c S4CORE 102"
                },
                {
                  "status": "affected",
                  "version": "\u003c 102"
                },
                {
                  "status": "affected",
                  "version": "\u003c 103"
                },
                {
                  "status": "affected",
                  "version": "\u003c 104"
                },
                {
                  "status": "affected",
                  "version": "\u003c 105"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\ufffd)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-15T17:06:24.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3078312"
            },
            {
              "name": "20211214 SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Dec/36"
            },
            {
              "name": "20211214 SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Dec/35"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2021-33701",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "DMIS Mobile Plug-In",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "DMIS 2011_1_620"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_640"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_700"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_710"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_730"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "710"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_731"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "710"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2011_1_752"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2020"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP S/4HANA",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "SAPSCORE 125"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "S4CORE 102"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "102"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "103"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "104"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "105"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "9.1",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\ufffd)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3078312",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3078312"
                },
                {
                  "name": "20211214 SEC Consult SA-20211214-1 :: Remote ABAP Code Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Dec/36"
                },
                {
                  "name": "20211214 SEC Consult SA-20211214-0 :: Remote ADBC SQL Injection in SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Dec/35"
                },
                {
                  "name": "http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-33701",
        "datePublished": "2021-09-15T18:01:55.000Z",
        "dateReserved": "2021-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:58:22.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0245 (GCVE-0-2019-0245)

    Vulnerability from cvelistv5 – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI (SAPSCORE) Affected: < 1.12
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (S4FND) Affected: < 1.02
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (WEBCUIF) Affected: < 7.31
    Affected: < 7.46
    Affected: < 7.47
    Affected: < 7.48
    Affected: < 8.0
    Affected: < 8.01
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:15.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2588763"
              },
              {
                "name": "106468",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106468"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (S4FND)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (WEBCUIF)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.46"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.47"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.48"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.01"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2588763"
            },
            {
              "name": "106468",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106468"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0245",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (S4FND)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (WEBCUIF)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.46"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.47"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.48"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2588763",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2588763"
                },
                {
                  "name": "106468",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106468"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0245",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:15.952Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0244 (GCVE-0-2019-0244)

    Vulnerability from cvelistv5 – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP CRM WebClient UI (SAPSCORE) Affected: < 1.12
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (S4FND) Affected: < 1.02
    Create a notification for this product.
    SAP SE SAP CRM WebClient UI (WEBCUIF) Affected: < 7.31
    Affected: < 7.46
    Affected: < 7.47
    Affected: < 7.48
    Affected: < 8.0
    Affected: < 8.01
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.026Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2588763"
              },
              {
                "name": "106473",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106473"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP CRM WebClient UI (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.12"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (S4FND)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                }
              ]
            },
            {
              "product": "SAP CRM WebClient UI (WEBCUIF)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.46"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.47"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.48"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.01"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2588763"
            },
            {
              "name": "106473",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106473"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0244",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP CRM WebClient UI (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (S4FND)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP CRM WebClient UI (WEBCUIF)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.46"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.47"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.48"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.01"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2588763",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2588763"
                },
                {
                  "name": "106473",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106473"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0244",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2484 (GCVE-0-2018-2484)

    Vulnerability from cvelistv5 – Published: 2019-01-08 20:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Enterprise Financial Services (SAPSCORE) Affected: < 1.13
    Affected: < 1.14
    Affected: < 1.15
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (S4CORE) Affected: < 1.01
    Affected: < 1.02
    Affected: < 1.03
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (EA-FINSERV) Affected: < 1.10
    Affected: < 2.0
    Affected: < 5.0
    Affected: < 6.0
    Affected: < 6.03
    Affected: < 6.04
    Affected: < 6.05
    Affected: < 6.06
    Affected: < 6.16
    Affected: < 6.17
    Affected: < 6.18
    Affected: < 8.0
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (Bank/CFM) Affected: < 4.63_20
    Create a notification for this product.
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:33.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2662687"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              },
              {
                "name": "106477",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Enterprise Financial Services (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.14"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.15"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (S4CORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.01"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.03"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (EA-FINSERV)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.10"
                },
                {
                  "status": "affected",
                  "version": "\u003c 2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 5.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.05"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.06"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.16"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.17"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.18"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (Bank/CFM)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.63_20"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2662687"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            },
            {
              "name": "106477",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106477"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2484",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Enterprise Financial Services (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.13"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.14"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (S4CORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.01"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.03"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (EA-FINSERV)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.10"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "2.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "5.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.04"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.05"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.06"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.16"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.17"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.18"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (Bank/CFM)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "4.63_20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2662687",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2662687"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                },
                {
                  "name": "106477",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106477"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2484",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:33.945Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2419 (GCVE-0-2018-2419)

    Vulnerability from cvelistv5 – Published: 2018-05-09 20:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Enterprise Financial Services (SAPSCORE) Affected: 1.11
    Affected: 1.12
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (S4CORE) Affected: 1.01
    Affected: 1.02
    Create a notification for this product.
    SAP SE SAP Enterprise Financial Services (EA-FINSERV) Affected: 6.04
    Affected: 6.05
    Affected: 6.06
    Affected: 6.16
    Affected: 6.17
    Affected: 6.18
    Affected: 8.0
    Create a notification for this product.
    Date Public
    2018-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:33.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
              },
              {
                "name": "104116",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104116"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2596627"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Enterprise Financial Services (SAPSCORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.11"
                },
                {
                  "status": "affected",
                  "version": "1.12"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (S4CORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.01"
                },
                {
                  "status": "affected",
                  "version": "1.02"
                }
              ]
            },
            {
              "product": "SAP Enterprise Financial Services (EA-FINSERV)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.04"
                },
                {
                  "status": "affected",
                  "version": "6.05"
                },
                {
                  "status": "affected",
                  "version": "6.06"
                },
                {
                  "status": "affected",
                  "version": "6.16"
                },
                {
                  "status": "affected",
                  "version": "6.17"
                },
                {
                  "status": "affected",
                  "version": "6.18"
                },
                {
                  "status": "affected",
                  "version": "8.0"
                }
              ]
            }
          ],
          "datePublic": "2018-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
            },
            {
              "name": "104116",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104116"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2596627"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2419",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Enterprise Financial Services (SAPSCORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.11"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (S4CORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.01"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.02"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Enterprise Financial Services (EA-FINSERV)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "6.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.05"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.06"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.16"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.17"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "6.18"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/",
                  "refsource": "CONFIRM",
                  "url": "https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/"
                },
                {
                  "name": "104116",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104116"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2596627",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2596627"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2419",
        "datePublished": "2018-05-09T20:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:33.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }