VDB

GCVE-110-NCSC-2024-247

GCVE-110-NCSC-2024-247
Advisory PublishedCVSS 8.1/10
Vulnetix · Advisory published June 11, 2024
SAP heeft kwetsbaarheden verholpen in diverse SAP producten, zoals Business Objects, HANA, CRM en NetWeaver.

Weaknesses (CWE)

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-400Uncontrolled Resource ConsumptionCWE-434Unrestricted Upload of File with Dangerous TypeCWE-862Missing AuthorizationCWE-200Exposure of Sensitive Information to an Unauthorized Actor

Risk Scores

CVSS 3.1
8.1/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
sap_sesap_crm_webclient_ui
sap_sesap_businessobjects_business_intelligence_platform
sap_sesap_bw_4hana_transformation_and_data_transfer_process
sap_sesap_netweaver_and_abap_platform
sap_sesap_netweaver_as_java
sap_sesap_financial_consolidation
sap_sesap_document_builder
sapnetweaver_application_server_abap
sapfinancial_consolidation
sap_sesap_s_4hana__manage_incoming_payment_files_
sap_sesap_student_life_cycle_management

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›