GCVE - cpe:2.3:a:sap:s4core:105:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sap:s4core:105:*:*:*:*:*:*:*

part: a version: 105 update: *

Vendor	Sap (`dd5aa0c0-20b0-5c86-a937-aa29f1a33b77`)
Product	S4Core (`9972b30a-ff08-5b90-8afc-11d2a838ad9a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-24323`	vulnerable	2026-06-03 15:16:52.228486	Multiple vulnerabilities in BSP Applications of SAP Document Management System MEDIUM (6.1) The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application. Published: 2026-02-10T03:04:11.848Z Updated: 2026-02-10T16:22:54.274Z Open on db.gcve.eu Reference links https://me.sap.com/notes/3678417 https://url.sap/sapsecuritypatchday	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-23688`	vulnerable	2026-06-03 15:16:50.421282	Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services) MEDIUM (4.3) SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted. Published: 2026-02-10T03:02:58.702Z Updated: 2026-02-10T17:18:34.212Z Open on db.gcve.eu Reference links https://me.sap.com/notes/3215823 https://url.sap/sapsecuritypatchday	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-0505`	vulnerable	2026-06-03 15:14:41.982477	Multiple vulnerabilities in BSP Applications of SAP Document Management System MEDIUM (6.1) The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application. Published: 2026-02-10T03:01:30.818Z Updated: 2026-02-10T16:28:31.245Z Open on db.gcve.eu Reference links https://me.sap.com/notes/3678417 https://url.sap/sapsecuritypatchday	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-40625`	vulnerable	2026-06-03 14:52:50.235768	Missing Authorization check in SAP Manage Purchase Contracts App MEDIUM (5.4) S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system. Published: 2023-09-12T02:00:13.727Z Updated: 2024-09-25T15:28:24.390Z Open on db.gcve.eu Reference links https://me.sap.com/notes/3326361 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-35870`	vulnerable	2026-06-03 14:52:19.117501	Improper Access Control in SAP S/4HANA (Manage Journal Entry Template) MEDIUM (6.3) When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable. Published: 2023-07-11T02:40:26.084Z Updated: 2024-10-29T13:43:24.084Z Open on db.gcve.eu Reference links https://me.sap.com/notes/3341211 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-33701`	vulnerable	2026-06-03 14:44:43.949224	Details available CRITICAL (9.1) DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. Published: 2021-09-15T18:01:55.000Z Updated: 2024-08-03T23:58:22.494Z Open on db.gcve.eu Reference links https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 https://launchpad.support.sap.com/#/notes/3078312 http://seclists.org/fulldisclosure/2021/Dec/36 http://seclists.org/fulldisclosure/2021/Dec/35 http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.