The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NSap S\/4 Hana
APPSap102103104105106107
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-0498CRITICAL9.1PL ✓ten sam produkt
SAP S/4HANA: injection kodu ABAP/poleceń OS przez RFC z uprawnieniami admina
CVE-2020-26832HIGH7.6ten sam produkt
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_...
CVE-2020-6188HIGH8.8ten sam produkt
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617,...
CVE-2024-45282MEDIUM4.3ten sam produkt
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be ...
CVE-2024-34691MEDIUM6.5ten sam produkt
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an au...