Sap S4core
13 CVEs affecting Sap S4core. Latest disclosed: 2026-02-10. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-33701 | Critical | 9.1 | 2021-09-15 | DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCOR… |
CVE-2018-2484 | High | 8.8 | 2019-01-08 | SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6… |
CVE-2024-39592 | High | 7.7 | 2024-07-09 | Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker t… |
CVE-2023-35870 | Medium | 6.3 | 2023-07-11 | When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the sav… |
CVE-2026-24323 | Medium | 6.1 | 2026-02-10 | The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. W… |
CVE-2026-0505 | Medium | 6.1 | 2026-02-10 | The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unval… |
CVE-2024-37172 | Medium | 5.4 | 2024-07-09 | SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated user, resulting in escalation of privileg… |
CVE-2023-40625 | Medium | 5.4 | 2023-09-12 | S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This… |
CVE-2023-29109 | Medium | 4.4 | 2023-04-11 | The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application al… |
CVE-2026-23688 | Medium | 4.3 | 2026-02-10 | SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Thi… |
CVE-2023-29110 | Low | 3.7 | 2023-04-11 | The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows… |
CVE-2018-2419 | Low | 3.7 | 2018-05-09 | SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary autho… |
CVE-2023-32112 | Low | 2.8 | 2023-05-09 | Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617… |