S\/4hana
This hub aggregates every CVE we track for S\/4hana, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
17
CVEs tracked
1
Critical
3
High
0
In CISA KEV
Severity distribution
MEDIUM13HIGH3CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting S\/4hana.
- CVE-2026-0488Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)9.9
- CVE-2023-42475Information Disclosure Vulnerability in Statutory Reporting4.3
- CVE-2023-42473Missing Authorization Check In S/4HANA (Manage Withholding Tax Items)5.4
- CVE-2023-40306URL Redirection vulnerability in SAP S/4HANA (Manage Catalog Items and Cross-Catalog search)6.1
- CVE-2023-24524SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker t...6.5
- CVE-2022-32248Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the data...5.3
- CVE-2022-31597Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a ...5.4
- CVE-2022-31589Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction,...6.5
- CVE-2022-22542S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects...6.5
- CVE-2022-22531The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights ...8.1
- CVE-2022-22530The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights ...8.1
- CVE-2021-38176Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ...8.8
- CVE-2020-6316SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.4.3
- CVE-2020-6212Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do ...5.4
- CVE-2020-6214SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploi...4.7
Product normalization is registry-driven with AI assist and human review. How it works