GCVE - cpe:2.3:a:sap:s\/4hana:100:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sap:s\/4hana:100:*:*:*:*:*:*:*

part: a version: 100 update: *

Vendor	Sap (`dd5aa0c0-20b0-5c86-a937-aa29f1a33b77`)
Product	S/4Hana (`1db5d00c-feee-5087-9d8e-f62ea0077696`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-31589`	vulnerable	2026-06-03 14:47:11.544068	Details available Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. Published: 2022-06-14T18:36:39.000Z Updated: 2024-08-03T07:19:06.823Z Open on db.gcve.eu Reference links https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html https://launchpad.support.sap.com/#/notes/3203065	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-22531`	vulnerable	2026-06-03 14:46:24.513156	Details available The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. Published: 2022-01-14T19:11:28.000Z Updated: 2024-08-03T03:14:55.412Z Open on db.gcve.eu Reference links https://launchpad.support.sap.com/#/notes/3112928 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-22530`	vulnerable	2026-06-03 14:46:24.509623	Details available The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application. Published: 2022-01-14T19:11:26.000Z Updated: 2024-08-03T03:14:55.426Z Open on db.gcve.eu Reference links https://launchpad.support.sap.com/#/notes/3112928 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6316`	vulnerable	2026-06-03 14:42:58.538629	Details available MEDIUM (4.3) SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. Published: 2020-11-10T16:11:29.000Z Updated: 2024-08-04T08:55:22.258Z Open on db.gcve.eu Reference links https://launchpad.support.sap.com/#/notes/2944188 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-6212`	vulnerable	2026-06-03 14:42:58.162544	Details available MEDIUM (5.4) Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check. Published: 2020-04-24T22:18:54.000Z Updated: 2024-08-04T08:55:22.053Z Open on db.gcve.eu Reference links https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 https://launchpad.support.sap.com/#/notes/2864966	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.