GCVE - cpe:2.3:a:sap:s4core:102:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sap:s4core:102:*:*:*:*:*:*:*

part: a version: 102 update: *

Vendor	Sap (`dd5aa0c0-20b0-5c86-a937-aa29f1a33b77`)
Product	S4Core (`9972b30a-ff08-5b90-8afc-11d2a838ad9a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-24323`	vulnerable	2026-06-03 15:16:52.228304	Multiple vulnerabilities in BSP Applications of SAP Document Management System MEDIUM (6.1) The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application. Published: 2026-02-10T03:04:11.848Z Updated: 2026-02-10T16:22:54.274Z Open on db.gcve.eu Reference links https://me.sap.com/notes/3678417 https://url.sap/sapsecuritypatchday	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-23688`	vulnerable	2026-06-03 15:16:50.419027	Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services) MEDIUM (4.3) SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted. Published: 2026-02-10T03:02:58.702Z Updated: 2026-02-10T17:18:34.212Z Open on db.gcve.eu Reference links https://me.sap.com/notes/3215823 https://url.sap/sapsecuritypatchday	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-0505`	vulnerable	2026-06-03 15:14:41.980114	Multiple vulnerabilities in BSP Applications of SAP Document Management System MEDIUM (6.1) The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application. Published: 2026-02-10T03:01:30.818Z Updated: 2026-02-10T16:28:31.245Z Open on db.gcve.eu Reference links https://me.sap.com/notes/3678417 https://url.sap/sapsecuritypatchday	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-39592`	vulnerable	2026-06-03 14:56:21.962979	[CVE-2024-39592] Missing Authorization check in SAP PDCE HIGH (7.7) Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application. Published: 2024-07-09T03:45:56.018Z Updated: 2024-08-02T04:26:15.969Z Open on db.gcve.eu Reference links https://url.sap/sapsecuritypatchday https://me.sap.com/notes/3483344	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-40625`	vulnerable	2026-06-03 14:52:50.234026	Missing Authorization check in SAP Manage Purchase Contracts App MEDIUM (5.4) S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system. Published: 2023-09-12T02:00:13.727Z Updated: 2024-09-25T15:28:24.390Z Open on db.gcve.eu Reference links https://me.sap.com/notes/3326361 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-33701`	vulnerable	2026-06-03 14:44:43.947718	Details available CRITICAL (9.1) DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. Published: 2021-09-15T18:01:55.000Z Updated: 2024-08-03T23:58:22.494Z Open on db.gcve.eu Reference links https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 https://launchpad.support.sap.com/#/notes/3078312 http://seclists.org/fulldisclosure/2021/Dec/36 http://seclists.org/fulldisclosure/2021/Dec/35 http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.