S4 Hana SAP S4 Hana

Do you want an email whenever new security vulnerabilities are reported in SAP S4 Hana?

By the Year

In 2024 there have been 0 vulnerabilities in SAP S4 Hana . Last year S4 Hana had 2 security vulnerabilities published. Right now, S4 Hana is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 2 4.80
2022 0 0.00
2021 0 0.00
2020 2 8.20
2019 0 0.00
2018 0 0.00

It may take a day or so for new S4 Hana vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent SAP S4 Hana Security Vulnerabilities

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108

CVE-2023-41369 4.3 - Medium - September 12, 2023

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.

XXE

The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107

CVE-2023-41368 5.3 - Medium - September 12, 2023

The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.

Insecure Direct Object Reference / IDOR

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105

CVE-2020-26832 7.6 - High - December 09, 2020

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.

AuthZ

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600

CVE-2020-6188 8.8 - High - February 12, 2020

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.

AuthZ

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for SAP S4 Hana or by SAP? Click the Watch button to subscribe.

SAP
Vendor

SAP S4 Hana
Product

subscribe