SAP S4 Hana
By the Year
In 2024 there have been 0 vulnerabilities in SAP S4 Hana . Last year S4 Hana had 2 security vulnerabilities published. Right now, S4 Hana is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 2 | 4.80 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 2 | 8.20 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new S4 Hana vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP S4 Hana Security Vulnerabilities
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108
CVE-2023-41369
4.3 - Medium
- September 12, 2023
The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.
XXE
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107
CVE-2023-41368
5.3 - Medium
- September 12, 2023
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.
Insecure Direct Object Reference / IDOR
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105
CVE-2020-26832
7.6 - High
- December 09, 2020
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
AuthZ
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600
CVE-2020-6188
8.8 - High
- February 12, 2020
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP S4 Hana or by SAP? Click the Watch button to subscribe.