SAP Business Planning Consolidation
By the Year
In 2024 there have been 0 vulnerabilities in SAP Business Planning Consolidation. Last year Business Planning Consolidation had 3 security vulnerabilities published. Right now, Business Planning Consolidation is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 3 | 6.53 |
2022 | 1 | 7.50 |
2021 | 0 | 0.00 |
2020 | 1 | 5.40 |
2019 | 0 | 0.00 |
2018 | 1 | 8.10 |
It may take a day or so for new Business Planning Consolidation vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent SAP Business Planning Consolidation Security Vulnerabilities
SAP Business Planning and Consolidation - versions 740, 750
CVE-2023-31407
5.4 - Medium
- May 09, 2023
SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in a Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
XSS
SAP Business Planning and Consolidation - versions 200, 300
CVE-2023-23851
5.4 - Medium
- February 14, 2023
SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system.
Unrestricted File Upload
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries
CVE-2023-0016
8.8 - High
- January 10, 2023
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to a SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database.
SQL Injection
In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750
CVE-2022-41268
7.5 - High
- December 13, 2022
In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data.
Improper Privilege Management
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker
CVE-2020-6368
5.4 - Medium
- October 15, 2020
SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting.
XSS
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC
CVE-2017-16349
8.1 - High
- August 02, 2018
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.
XXE