{"@odata.context":"https:\/\/xiting.co\/xcp\/odata.svc\/$metadata","value":[{"Id":"962319","SAP_Component":"BC-WD-JAV-RUN","Title":"Detaillierte Fehlermeldungen mit Stack-Trace in Web Dynpro","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Customizing","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-04-23","First_released_on":"2009-10-08","Link":"https:\/\/me.sap.com\/notes\/962319"},{"Id":"1408081","SAP_Component":"BC-CST-GW","Title":"Grundlegende Einstellungen f\u00c3\u00bcr reg_info und sec_info","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Customizing","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2010-09-14","Link":"https:\/\/me.sap.com\/notes\/1408081"},{"Id":"1517831","SAP_Component":"PY-NPO","Title":"Potential Directory Traversal in SAP HCM Payroll NPO","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-31","First_released_on":"2010-12-14","Link":"https:\/\/me.sap.com\/notes\/1517831"},{"Id":"1525125","SAP_Component":"BC-CST-GW","Title":"Aktualisierung #1 zu Sicherheitshinweis 1408081","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Customizing","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2010-12-01","Link":"https:\/\/me.sap.com\/notes\/1525125"},{"Id":"1610734","SAP_Component":"AP-MD-BP","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in Applikationsplattform MD-BP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/1610734"},{"Id":"1640584","SAP_Component":"BC-MID-RFC","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung zur Pflege von Trustbeziehung","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/1640584"},{"Id":"1661568","SAP_Component":"SRM-SUS","Title":"Unbefugte \u00c3\u201enderung in BSP-Applikation\/SICF-Service","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2012-05-08","Link":"https:\/\/me.sap.com\/notes\/1661568"},{"Id":"1715734","SAP_Component":"BC-JAS-TRH","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in dbpool-Administration","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2013-03-12","Link":"https:\/\/me.sap.com\/notes\/1715734"},{"Id":"1753378","SAP_Component":"BC-JAS-WEB","Title":"Directory-Traversal im Web-Container","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2013-08-13","Link":"https:\/\/me.sap.com\/notes\/1753378"},{"Id":"1794761","SAP_Component":"AP-MD-BF-SYN","Title":"[CVE-2023-32115] SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-05-23","First_released_on":"2023-05-23","Link":"https:\/\/me.sap.com\/notes\/1794761"},{"Id":"1827555","SAP_Component":"SRM-EBP-CA-UI","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in SAP SRM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/1827555"},{"Id":"1936262","SAP_Component":"SV-SMG-ASU","Title":"Directory-Traversal in ASU Toolbox","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-27","First_released_on":"2014-07-17","Link":"https:\/\/me.sap.com\/notes\/1936262"},{"Id":"1938764","SAP_Component":"EHS-SAF-GLM","Title":"[CVE-2024-33009] SQL-Injection-Schwachstelle in SAP Global Label Management (GLM)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/1938764"},{"Id":"1944155","SAP_Component":"CO-PA","Title":"Missing authority check in Report RKEDELE1","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-01","First_released_on":"2015-02-25","Link":"https:\/\/me.sap.com\/notes\/1944155"},{"Id":"1951171","SAP_Component":"LO-SPM","Title":"Potentiell kontrolierbarer RFC-Funktionsbaustein bei Buchungen in Verbindung mit dem EWM","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-01","First_released_on":"2015-01-13","Link":"https:\/\/me.sap.com\/notes\/1951171"},{"Id":"1966029","SAP_Component":"EHS-SAF","Title":"Directory-Traversal in EHS","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/1966029"},{"Id":"1999142","SAP_Component":"BI-RA-CR","Title":"Potenzielle Remote-Ausf\u00c3\u00bchrung von Code in SAP Crystal Reports","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-06-20","First_released_on":"2014-08-12","Link":"https:\/\/me.sap.com\/notes\/1999142"},{"Id":"2016974","SAP_Component":"EHS-MGM-RAS","Title":"M\u00c3\u00b6gliche Offenlegung von Informationen bez\u00c3\u00bcglich \"Sicherheitshinweis abfragen\"","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-07-12","First_released_on":"2018-07-12","Link":"https:\/\/me.sap.com\/notes\/2016974"},{"Id":"2017041","SAP_Component":"EHS-MGM-RAS","Title":"M\u00c3\u00b6gliche Offenlegung von Informationen bez\u00c3\u00bcglich \"Sicherheitsma\u00c3\u0178nahmen \u00c3\u00bcberpr\u00c3\u00bcfen\"","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-07-12","First_released_on":"2018-07-12","Link":"https:\/\/me.sap.com\/notes\/2017041"},{"Id":"2028904","SAP_Component":"BC-MID-ICF-LGN","Title":"Schutz gegen Cross-Frame-Scripting in SAP-ABAP-HTTP-Anmeldeanwendung","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-26","First_released_on":"2014-09-09","Link":"https:\/\/me.sap.com\/notes\/2028904"},{"Id":"2030096","SAP_Component":"LO-SRS","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in Komponente LO-SRS","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-01","First_released_on":"2014-11-11","Link":"https:\/\/me.sap.com\/notes\/2030096"},{"Id":"2030144","SAP_Component":"IS-HER-CM","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in SLCM ( Student Lifecycle Management)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2014-11-11","Link":"https:\/\/me.sap.com\/notes\/2030144"},{"Id":"2030657","SAP_Component":"PSM-GPR","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in PSM-GPR","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-01","First_released_on":"2014-11-11","Link":"https:\/\/me.sap.com\/notes\/2030657"},{"Id":"2032723","SAP_Component":"SRM-EBP-INT","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in SRM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2014-11-11","Link":"https:\/\/me.sap.com\/notes\/2032723"},{"Id":"2057196","SAP_Component":"IS-B-BCA-AM","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in IS-B-BCA-AM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2014-09-17","Link":"https:\/\/me.sap.com\/notes\/2057196"},{"Id":"2061129","SAP_Component":"FIN-FSCM-DM","Title":"Fehlende Positivlistenpr\u00c3\u00bcfung in SAP Dispute Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-30","First_released_on":"2015-10-02","Link":"https:\/\/me.sap.com\/notes\/2061129"},{"Id":"2067220","SAP_Component":"SRM-EBP-ADM-XBP","Title":"[CVE-2023-39436] Offenlegung von Informationen in SAP Supplier Relationship Management","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/2067220"},{"Id":"2070691","SAP_Component":"SV-SMG-SDD","Title":"Potentielle Offenlegung von Informationen zu Datenbankserver-Dateisystem","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2014-11-11","Link":"https:\/\/me.sap.com\/notes\/2070691"},{"Id":"2091403","SAP_Component":"BC-MID-ICF","Title":"Directory-Traversal in BC-MID-ICF","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2015-08-11","Link":"https:\/\/me.sap.com\/notes\/2091403"},{"Id":"2114798","SAP_Component":"BC-FES-ITS","Title":"Unauthorized use of application functions in SAP GUI for HTML","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-27","First_released_on":"2021-04-27","Link":"https:\/\/me.sap.com\/notes\/2114798"},{"Id":"2142551","SAP_Component":"BC-WD-ABA","Title":"Whitelist-Service f\u00c3\u00bcr Clickjacking-Framing-Schutz in AS ABAP","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-01-14","First_released_on":"2016-07-12","Link":"https:\/\/me.sap.com\/notes\/2142551"},{"Id":"2155614","SAP_Component":"SD-SLS","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SD-SLS, SD-CAS und SD-MD-AM-CMI","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-08-01","First_released_on":"2015-06-09","Link":"https:\/\/me.sap.com\/notes\/2155614"},{"Id":"2165892","SAP_Component":"FIN-FSCM-TRM-TM","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in Transaction Manager","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-01-14","First_released_on":"2020-01-14","Link":"https:\/\/me.sap.com\/notes\/2165892"},{"Id":"2174651","SAP_Component":"BC-XI-IBC","Title":"M\u00c3\u00b6gliche Offenlegung von Informationen bez\u00c3\u00bcglich PI Integration Directory","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2017-12-07","Link":"https:\/\/me.sap.com\/notes\/2174651"},{"Id":"2180849","SAP_Component":"XX-PART-ADB-IFD","Title":"Drucktaste zum Abmelden fehlt auf der Konfigurationsbenutzungsoberfl\u00c3\u00a4che von Adobe Document Services auf HCP","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2180849"},{"Id":"2189853","SAP_Component":"BC-MID-ICF","Title":"Validierung von HTTP_WHITELIST durch SAP Internet Communication Framework schl\u00c3\u00a4gt fehl","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2015-10-13","Link":"https:\/\/me.sap.com\/notes\/2189853"},{"Id":"2197830","SAP_Component":"FS-AM","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in Kontoverwaltung","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-30","First_released_on":"2016-10-29","Link":"https:\/\/me.sap.com\/notes\/2197830"},{"Id":"2201710","SAP_Component":"BC-SYB-PB","Title":"Behebung von Logjam- und \"Alternative Chains Certificate Forgery\"-Schwachstellen in mehreren SAP-Produkten","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2015-09-08","Link":"https:\/\/me.sap.com\/notes\/2201710"},{"Id":"2245130","SAP_Component":"BC-MID-RFC","Title":"Potenzielle Umgehung von Unified-Connectivity-Laufzeitpr\u00c3\u00bcfungen in BC-MID-RFC","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-15","First_released_on":"2016-02-09","Link":"https:\/\/me.sap.com\/notes\/2245130"},{"Id":"2250863","SAP_Component":"XX-CSC-IN-MM","Title":"Missing authorization check in CIN Journal Voucher","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2019-03-26","First_released_on":"2016-08-17","Link":"https:\/\/me.sap.com\/notes\/2250863"},{"Id":"2264508","SAP_Component":"XX-CSC-PT-FICA","Title":"SQL Injection in  SAF-T Portugal","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-27","First_released_on":"2020-10-27","Link":"https:\/\/me.sap.com\/notes\/2264508"},{"Id":"2272676","SAP_Component":"BC-WD-CMP-ALV-ABA","Title":"Tabellenkalkulationsformel-Injection in FPM-Listen-UIBB-ATS\/FPM-Baum-UIBB\/WD ALV","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-26","First_released_on":"2016-05-10","Link":"https:\/\/me.sap.com\/notes\/2272676"},{"Id":"2275009","SAP_Component":"CRM-MW-ADP","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in CRM-MW-ADP","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-01","First_released_on":"2016-10-11","Link":"https:\/\/me.sap.com\/notes\/2275009"},{"Id":"2286679","SAP_Component":"BC-WD-JAV","Title":"Whitelist-Service-API f\u00c3\u00bcr Clickjacking-Framing-Schutz in JAVA auf Framework- oder Anwendungsebene erforderlich","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Sonderentwicklungen","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-23","First_released_on":"2016-07-12","Link":"https:\/\/me.sap.com\/notes\/2286679"},{"Id":"2307916","SAP_Component":"CRM-BF-PC","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in Komponente CRM-BF-PC","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2307916"},{"Id":"2308378","SAP_Component":"XX-CSC-OM-FI","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in der Finanzbuchhaltung","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/2308378"},{"Id":"2319577","SAP_Component":"XX-CSC-PT-FICA","Title":"SQL Injection in SAF-T Portugal","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-27","First_released_on":"2020-10-27","Link":"https:\/\/me.sap.com\/notes\/2319577"},{"Id":"2331141","SAP_Component":"XX-CSC-RU","Title":"SQL-Injection-Schwachstelle in SAP-CIS-L\u00c3\u00a4nderlokalisierungs-XML-Generierer","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Korrektur der gesetzlichen Funktion","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-03-13","Link":"https:\/\/me.sap.com\/notes\/2331141"},{"Id":"2333957","SAP_Component":"CA-UI2-INT-FE","Title":"Clickjacking-Framing-Schutz im SAP Fiori Launchpad f\u00c3\u00bcr SAP NetWeaver AS ABAP basierend auf einer Liste zul\u00c3\u00a4ssiger Dom\u00c3\u00a4nen","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Beratung","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2016-07-12","Link":"https:\/\/me.sap.com\/notes\/2333957"},{"Id":"2335198","SAP_Component":"LO-MD-BP-VM","Title":"[CVE-2023-32112] Fehlende Berechtigungspr\u00c3\u00bcfung in Lieferantenstammhierarchie","CVSS_Score":"2.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/2335198"},{"Id":"2383017","SAP_Component":"BC-FES-CTL","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in SAP-GUI-HTML-Control","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2383017"},{"Id":"2392860","SAP_Component":"BC-SRV-RM","Title":"Ausnutzen von Berechtigungen durch kundeneigenen Transaktionscode","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-09-14","First_released_on":"2017-02-14","Link":"https:\/\/me.sap.com\/notes\/2392860"},{"Id":"2393937","SAP_Component":"AP-PRC-PR","Title":"VMC-Berechtigungspr\u00c3\u00bcfung","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2393937"},{"Id":"2407193","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2018-2442] Cross-Site Request Forgery (CSRF) im Web-Intelligence-BI-Launchpad","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2407193"},{"Id":"2425129","SAP_Component":"BC-UPG-NA","Title":"Schwachstelle: Fehlende XML-Validierung in SAP Note Assistant","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-29","First_released_on":"2017-06-13","Link":"https:\/\/me.sap.com\/notes\/2425129"},{"Id":"2429274","SAP_Component":"IS-B-BCA","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen in SAP Enterprise Financial Services","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-09-22","First_released_on":"2019-01-22","Link":"https:\/\/me.sap.com\/notes\/2429274"},{"Id":"2449974","SAP_Component":"SD-CAS-SA","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ECC Sales Support","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2449974"},{"Id":"2460948","SAP_Component":"IS-A-VMS","Title":"Missing Authorization Check in Vehicle Management System","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-27","First_released_on":"2021-11-23","Link":"https:\/\/me.sap.com\/notes\/2460948"},{"Id":"2469377","SAP_Component":"FIN-TMF-BR-CIAP","Title":"Missing Authorization check in CIAP","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-18","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2469377"},{"Id":"2473860","SAP_Component":"FIN-FSCM-TRM-TM","Title":"Berechtigungspr\u00c3\u00bcfung f\u00c3\u00bcr RFC in SAP Finance Transaction Manager","CVSS_Score":"4.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-17","First_released_on":"2019-01-17","Link":"https:\/\/me.sap.com\/notes\/2473860"},{"Id":"2475705","SAP_Component":"FIN-FSCM-IHC","Title":"Switchable Authorization checks for RFC in In House Cash","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-23","First_released_on":"2021-02-23","Link":"https:\/\/me.sap.com\/notes\/2475705"},{"Id":"2480837","SAP_Component":"IS-A","Title":"Missing Authorization check in Discrete Industries and Mill Products","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-25","First_released_on":"2019-07-23","Link":"https:\/\/me.sap.com\/notes\/2480837"},{"Id":"2484231","SAP_Component":"IS-ADEC-ETM","Title":"Missing Authorization Check in DIMP Industry Solution (Equipment and Tools Management & Bills of Services)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-12-14","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/2484231"},{"Id":"2486446","SAP_Component":"IS-R-BD-PCT-IN","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in PRICAT-Eingang und PRICAT-Ausgang","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-27","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2486446"},{"Id":"2490047","SAP_Component":"LO-MD-BP-CM","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in Kundenstammdaten","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2490047"},{"Id":"2490973","SAP_Component":"SRM-EBP-INT","Title":"Missing Authorization check in SAP SRM","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2490973"},{"Id":"2494184","SAP_Component":"BC-SYB-SQA","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in mehreren SAP-Sybase-Produkten","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-11-14","First_released_on":"2017-08-08","Link":"https:\/\/me.sap.com\/notes\/2494184"},{"Id":"2495144","SAP_Component":"FI-CF-INF","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in Central Finance","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2017-11-22","Link":"https:\/\/me.sap.com\/notes\/2495144"},{"Id":"2495462","SAP_Component":"FI-LA","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in SAP Leasing","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-28","First_released_on":"2020-01-14","Link":"https:\/\/me.sap.com\/notes\/2495462"},{"Id":"2495712","SAP_Component":"IS-A","Title":"Missing authorization check in SAP Automotive Solutions","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/2495712"},{"Id":"2496977","SAP_Component":"PSM-GPR","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen in SAP ERP","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2496977"},{"Id":"2498083","SAP_Component":"FIN-FSCM-TRM-CRM","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Commodity Risk Management (Pflege von Commodity-Kurven)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2498083"},{"Id":"2501605","SAP_Component":"IS-A-VMS","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung im SAP-Vehicle-Management-System (VMS-System)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2501605"},{"Id":"2502878","SAP_Component":"LO-RFM-MD-QO","Title":"FM MD_SINGLE_ROUNDING should be RFC enabled and necessary authorization check done.","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-10","First_released_on":"2018-08-10","Link":"https:\/\/me.sap.com\/notes\/2502878"},{"Id":"2504979","SAP_Component":"MDM-FN-MDS-SEC","Title":"Upgrade von SSL-Unterst\u00c3\u00bctzung auf TLSv1.2","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-12-10","First_released_on":"2019-12-10","Link":"https:\/\/me.sap.com\/notes\/2504979"},{"Id":"2506751","SAP_Component":"XX-CSC-PT-FI","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in \"Digitale Unterschrift Portugal\" (SIPT)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/2506751"},{"Id":"2518906","SAP_Component":"BI-RA-CRE-VIE","Title":"Schwachstelle in Crystal Reports Web Viewers","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-06-21","First_released_on":"2018-06-21","Link":"https:\/\/me.sap.com\/notes\/2518906"},{"Id":"2519562","SAP_Component":"XX-CSC-AR-LO","Title":"Missing Authorization check in XX-CSC-AR-LO","CVSS_Score":"0.0","CVSS_Vector":"CVSS:3.0\/AV:\/AC:\/PR:\/UI:\/S:\/C:\/I:\/A:","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-30","First_released_on":"2018-07-04","Link":"https:\/\/me.sap.com\/notes\/2519562"},{"Id":"2522527","SAP_Component":"SD-BIL","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC der SD\/FI-CA Integration f\u00c3\u00bcr verteilte Systeme","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-02","First_released_on":"2018-08-02","Link":"https:\/\/me.sap.com\/notes\/2522527"},{"Id":"2522794","SAP_Component":"XX-CSC-PT-LO","Title":"Missing Authorization check in Portugal Digital Signature","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-08-09","First_released_on":"2022-08-09","Link":"https:\/\/me.sap.com\/notes\/2522794"},{"Id":"2523290","SAP_Component":"BI-BIP-INV","Title":"[CVE-2018-2432] Header-Manipulations-Schwachstelle in BI Launchpad und CMC","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2523290"},{"Id":"2524203","SAP_Component":"FI-CA","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in SAP ERP Contract Accounts Receivable & Payable","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2524203"},{"Id":"2527346","SAP_Component":"PSM-GPR","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen in SAP ERP","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2527346"},{"Id":"2528799","SAP_Component":"SRM-EBP-INT","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in SRM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2528799"},{"Id":"2530147","SAP_Component":"IS-DFS-MM-STO","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung im DFPS-Umlagerungsprozess","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-20","First_released_on":"2018-11-20","Link":"https:\/\/me.sap.com\/notes\/2530147"},{"Id":"2531036","SAP_Component":"FI-CAX-FS","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC BCA_DIM_RESET_TRIGGER_TABLE in Darlehen (FI-CAX-FS)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-02-08","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2531036"},{"Id":"2531082","SAP_Component":"FI-CAX-FS","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC BCA_DIM_LOANS_APPLOG_UPDATE in Darlehen (FI-CAX-FS)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2531082"},{"Id":"2534991","SAP_Component":"FS-CD","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in FS-CD","CVSS_Score":"6.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-27","First_released_on":"2019-08-27","Link":"https:\/\/me.sap.com\/notes\/2534991"},{"Id":"2537935","SAP_Component":"LO-HU-PR","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in Handling Unit Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-09-10","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2537935"},{"Id":"2537961","SAP_Component":"MM-PUR-GF","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in MM-PUR-GF","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-09-08","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2537961"},{"Id":"2539437","SAP_Component":"CRM-MSE","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in SAP CRM (MSE R3 EDITION)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2539437"},{"Id":"2540180","SAP_Component":"EHS-BD-TLS","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in Environment, Health & Safety","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2540180"},{"Id":"2541823","SAP_Component":"CRM-BTX-BF-EBI","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in SAP CRM (externe Fakturierung)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-23","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2541823"},{"Id":"2557167","SAP_Component":"BI-RA-CRE","Title":"Potenzielle Code-Injection-Schwachstelle in Crystal-Reports-Java-Komponenten","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2557167"},{"Id":"2561202","SAP_Component":"BI-RA-WBI-BE-DP","Title":"Command Injection durch Web-Intelligence-Bericht- oder Datenprovider-Export","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2561202"},{"Id":"2569748","SAP_Component":"BI-RA-CRE","Title":"XML-External-Entity-Schwachstelle in Crystal Reports for Enterprise","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2569748"},{"Id":"2574897","SAP_Component":"CA-WUI-UI","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in SAP-CRM-WebClient-UI","CVSS_Score":"6.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2574897"},{"Id":"2588763","SAP_Component":"CA-WUI-UI-TAG","Title":"[CVE-2019-0244] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM WebClient UI","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2588763"},{"Id":"2590705","SAP_Component":"BC-XS-SEC","Title":"[CVE-2018-2451] Unsichere Timeout-Behandlung einer XS-CLI-Session in den Erweiterten Anwendungsservices von SAP HANA","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2590705"},{"Id":"2593479","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"Serverzertifikate und Hostnamen verwalteter Systeme pr\u00c3\u00bcfen","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Modifikation","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2018-06-15","Link":"https:\/\/me.sap.com\/notes\/2593479"},{"Id":"2597913","SAP_Component":"BC-CST-GW","Title":"[CVE-2018-2433] Denial-of-Service-Schwachstelle (DoS) in SAP-Gateway","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2597913"},{"Id":"2601676","SAP_Component":"CA-WUI-UI","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in SAP-CRM-WebClient-UI","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2601676"},{"Id":"2602928","SAP_Component":"CA-WUI-UI","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in Texteditoren f\u00c3\u00bcr SAP-CRM-WebClient-UI","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2602928"},{"Id":"2603398","SAP_Component":"LO-MDS-AL","Title":"Missing authorization check in Allocation Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2603398"},{"Id":"2604054","SAP_Component":"CA-GTF-PWB","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in Druckworkbench","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-06-26","First_released_on":"2018-06-26","Link":"https:\/\/me.sap.com\/notes\/2604054"},{"Id":"2606194","SAP_Component":"CRM-IC-FRW","Title":"Cross-Site Scripting (XSS) vulnerability in CRM Interaction Center","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-09-09","First_released_on":"2020-09-09","Link":"https:\/\/me.sap.com\/notes\/2606194"},{"Id":"2607126","SAP_Component":"BC-XI-IBF","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in Enterprise Services Repository von SAP Process Integration","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-11-09","First_released_on":"2021-11-09","Link":"https:\/\/me.sap.com\/notes\/2607126"},{"Id":"2607692","SAP_Component":"CA-WUI-UI","Title":"[CVE-2019-0245] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM WebClient UI","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2607692"},{"Id":"2610231","SAP_Component":"BC-DB-SDB-DBA","Title":"[CVE-2018-2418] Code-Injection-Schwachstelle in SAP-MaxDB-ODBC-Treiber","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-06-29","First_released_on":"2018-05-08","Link":"https:\/\/me.sap.com\/notes\/2610231"},{"Id":"2614229","SAP_Component":"BI-RA-WBI-BE-DP","Title":"Speicherbesch\u00c3\u00a4digungs-Schwachstelle in Plattform SAP BusinessObjects Business Intelligence","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2614229"},{"Id":"2618337","SAP_Component":"EIM-DS-DES","Title":"[CVE-2018-2466] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Data Services Management Console","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Vorgezogene Entwicklung","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2618337"},{"Id":"2620738","SAP_Component":"BI-RA-CR-VW","Title":"[CVE-2018-2427] Code-Injection-Schwachstelle in SAP Crystal Reports","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2620738"},{"Id":"2621395","SAP_Component":"EPM-BFC-TCL","Title":"[CVE-2018-2444] Cross-Site-Scripting-(XSS)-Schwachstelle in SAP Financial Consolidation","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2621395"},{"Id":"2622434","SAP_Component":"BC-CST-NI","Title":"Offenlegung von Informationen zum Kennwort in SAProuter","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2622434"},{"Id":"2622660","SAP_Component":"BC-FES-BUS-DSK","Title":"Sicherheitsupdates f\u00c3\u00bcr Browser-Control Google Chromium in SAP Business Client","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2024-04-23","First_released_on":"2018-04-10","Link":"https:\/\/me.sap.com\/notes\/2622660"},{"Id":"2623618","SAP_Component":"BI-RA-WBI-SDK","Title":"[CVE-2018-2467] Schwachstelle mit Blick auf Offenlegung von Dateipfad in SAP Business Intelligence Software Development Kit","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2623618"},{"Id":"2623846","SAP_Component":"BC-JAS-SEC-LGN","Title":"[CVE-2018-2452] Cross-Site-Scripting in NW-AS-Java-Anmeldeanwendung","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2623846"},{"Id":"2624762","SAP_Component":"BI-RA-CR-VW","Title":"[CVE-2018-2431] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Crystal Reports","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2624762"},{"Id":"2630018","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2018-2445] Server-Side-Request-Forgery-Schwachstelle (SSRF) in AdminTools der BI-Plattform-Server f\u00c3\u00bcr SAP BusinessObjects","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-09-10","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2630018"},{"Id":"2633180","SAP_Component":"CA-UI5-ABA-SAR","Title":"[CVE-2018-2434] Content-Spoofing-Schwachstelle in Komponente SAP_UI","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2633180"},{"Id":"2633366","SAP_Component":"BC-ABA-XML","Title":"Denial-of-Service (DOS) im iXML-Toolset von SAP-Kernel","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2633366"},{"Id":"2633846","SAP_Component":"BI-BIP-QB","Title":"[CVE-2018-2446] Schwachstelle mit Blick auf Offenlegung von Informationen in BI Query Builder","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2633846"},{"Id":"2634023","SAP_Component":"QM-QN","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung bei Verwendung von CDS-Views (oder) OData-Services in QM-QN","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-27","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/2634023"},{"Id":"2637727","SAP_Component":"FIN-FSCM-CLM","Title":"[CVE-2024-24739] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Bank Account Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/2637727"},{"Id":"2637997","SAP_Component":"BI-BIP-ADC","Title":"[CVE-2019-0303] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (Administrationskonsole)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2637997"},{"Id":"2638175","SAP_Component":"BI-BIP-INV","Title":"[CVE-2019-0251] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Business Objects SAP Fiori Launchpad","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2638175"},{"Id":"2638217","SAP_Component":"FI-CF-INF","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen in Central-Finance-Infrastrukturkomponenten","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2024-05-28","First_released_on":"2018-06-13","Link":"https:\/\/me.sap.com\/notes\/2638217"},{"Id":"2638288","SAP_Component":"BW4-AE","Title":"Offenlegung von Informationen in OLAP-Querys","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2018-08-17","First_released_on":"2018-08-17","Link":"https:\/\/me.sap.com\/notes\/2638288"},{"Id":"2641674","SAP_Component":"OPU-GW-COR","Title":"Schwachstelle durch unbeschr\u00c3\u00a4nkten Datei-Upload in SAP Gateway","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-25","First_released_on":"2018-06-12","Link":"https:\/\/me.sap.com\/notes\/2641674"},{"Id":"2642680","SAP_Component":"BC-JAS-SEC-LGN","Title":"[CVE-2018-2492] Fehlende XML-Validierung in SAP NetWeaver AS Java","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2642680"},{"Id":"2643126","SAP_Component":"EP-PIN-PRT","Title":"[CVE-2018-2435] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2643126"},{"Id":"2643371","SAP_Component":"BC-ABA-LA","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in ABAP Server File Interface","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-04-09","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2643371"},{"Id":"2643447","SAP_Component":"BC-ABA-LA","Title":"Directory-Traversal-Schwachstelle in ABAP Server File Interface","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2643447"},{"Id":"2644147","SAP_Component":"BC-FES-IGS","Title":"[CVE-2018-2439] Code-Injection-Schwachstelle in SAP Internet Graphics Server (IGS)","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2644147"},{"Id":"2644154","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2018-2447] SQL-Injection-Schwachstelle in BI Launchpad Web Intelligence","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2644154"},{"Id":"2644227","SAP_Component":"BC-FES-IGS","Title":"[CVE-2018-2437] Unberechtigte Ausf\u00c3\u00bchrung von Befehlen in SAP Internet Graphics Server (IGS)","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2644227"},{"Id":"2644238","SAP_Component":"BC-FES-IGS","Title":"[CVE-2018-2438] Denial-of-Service (DoS) im SAP Internet Graphics Server (IGS)","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2644238"},{"Id":"2644279","SAP_Component":"BW-BEX-ET-WJR-EXP","Title":"[CVE-2018-2462] Schwachstelle mit Blick auf fehlende XML-Validierung im Export-Web-Service der BEx-Java-Web-Laufzeit","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2644279"},{"Id":"2645133","SAP_Component":"IS-B-BCA-AM","Title":"[CVE-2018-2454] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP-Enterprise-Finanzdienstleistungen","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2645133"},{"Id":"2646067","SAP_Component":"IS-B-BCA-MD","Title":"[CVE-2018-2455] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP-Enterprise-Finanzdienstleistungen","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2646067"},{"Id":"2647714","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2018-2483] HTTP-Verb-Tampering-Schwachstelle SAP BI CMC","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2647714"},{"Id":"2652102","SAP_Component":"FS-PE","Title":"Missing Authorization checks for Templates and Business Partner Search in Payment Engine","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2652102"},{"Id":"2652186","SAP_Component":"BC-XI-CON-B2B","Title":"Denial of Service in B2B Adapters","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-28","First_released_on":"2018-08-28","Link":"https:\/\/me.sap.com\/notes\/2652186"},{"Id":"2652578","SAP_Component":"IS-R-PUR-RP","Title":"[CVE-2018-2436] Fehlende Berechtigungspr\u00c3\u00bcfung im Funktionsbaustein WRCK_STORE_LOESCH_KONSISTENZ","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2652578"},{"Id":"2653519","SAP_Component":"BC-IAM-IDM","Title":"[CVE-2018-2416] Schwachstelle im Zusammenhang mit fehlender XML-Pr\u00c3\u00bcfung in SAP Identity Management","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2653519"},{"Id":"2653846","SAP_Component":"SRM-CAT-MDM","Title":"[CVE-2018-2448] Offenlegung von Informationen im SRM MDM Catalog","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2653846"},{"Id":"2654905","SAP_Component":"BI-BIP-SRV","Title":"[CVE-2018-2471] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP-BusinessObjects-BI-Suite","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"HotNews","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2654905"},{"Id":"2655250","SAP_Component":"SRM-CAT-MDM","Title":"[CVE-2018-2449] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP SRM MDM Catalog","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-08-14","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2655250"},{"Id":"2655294","SAP_Component":"SCM-BAS-INT-EXT","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SCM-BAPIs","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/2655294"},{"Id":"2657670","SAP_Component":"BI-RA-WBI-BE","Title":"[CVE-2018-2473] Denial-of-Service-Schwachstelle (DoS) im dreistufigen Modus des Web-Intelligence-Rich-Clients","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2657670"},{"Id":"2658149","SAP_Component":"FI-FIO-AR","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in F2626 und F1680","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-06-28","First_released_on":"2018-06-28","Link":"https:\/\/me.sap.com\/notes\/2658149"},{"Id":"2658279","SAP_Component":"BC-JAS-SEC","Title":"[CVE-2018-2503] Falsche Standardberechtigungen im AS Java Keystore Service","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2658279"},{"Id":"2658755","SAP_Component":"BC-COM-FOR","Title":"[CVE-2018-2476] URL Redirection vulnerability in \"Forums in SAP NetWeaver\"","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2658755"},{"Id":"2659604","SAP_Component":"CRM-BF-COM","Title":"Cross-Site Scripting (XSS) Vulnerability in BSP application CRM_CM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-26","First_released_on":"2021-07-27","Link":"https:\/\/me.sap.com\/notes\/2659604"},{"Id":"2660005","SAP_Component":"BC-DB-SDB","Title":"[CVE-2018-2450] SQL-Injection-Schwachstelle in SAP MaxDB\/liveCache","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-02-25","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2660005"},{"Id":"2661033","SAP_Component":"SRM-EBP-INT","Title":"Missing Authorization check in RFC enabled function modules in SRM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-11-23","First_released_on":"2021-11-23","Link":"https:\/\/me.sap.com\/notes\/2661033"},{"Id":"2661740","SAP_Component":"EP-KM-TLS-XFB","Title":"[CVE-2018-2477] Schwachstelle mit Blick auf fehlende XML-Validierung von XML-External-Entity (XXE) in XMLForms von SAP NetWeaver Knowledge Management","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-12","Link":"https:\/\/me.sap.com\/notes\/2661740"},{"Id":"2662632","SAP_Component":"FI-FIO-AR","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in F0744","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-06-28","First_released_on":"2018-06-28","Link":"https:\/\/me.sap.com\/notes\/2662632"},{"Id":"2662687","SAP_Component":"IS-B-BCA-MD","Title":"[CVE-2018-2484] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Enterprise Financial Services","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-28","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2662687"},{"Id":"2664504","SAP_Component":"BC-JAS-TRH","Title":"Aktualisierung 1 zu SAP-Sicherheitshinweis 1715734","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2664504"},{"Id":"2664767","SAP_Component":"XX-PART-NXL","Title":"[CVE-2018-2440] Offenlegung vertraulicher Informationen in SAP Dynamic Authorization Management by NextLabs","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-07-10","First_released_on":"2018-07-10","Link":"https:\/\/me.sap.com\/notes\/2664767"},{"Id":"2665387","SAP_Component":"FIN-FIO-CLM","Title":"Schwachstelle des Cross-Site-Request Forgerys (XSRF) in Cash Management","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-01-12","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/2665387"},{"Id":"2665970","SAP_Component":"MFG-PCO","Title":"Missing XML Validation vulnerability in Plant Connectivity (PCo)","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-01","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2665970"},{"Id":"2667103","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2018-2472] Cross-Site-Scripting-Schwachstelle im SAP-Web-Intelligence-DHTML-Mandanten","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2667103"},{"Id":"2668681","SAP_Component":"CO-FIO","Title":"SAP-Schwachstelle der Cross-Site-Request-Forgery (CSRF) in \"Profitcenter verwalten\"","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-17","First_released_on":"2018-09-17","Link":"https:\/\/me.sap.com\/notes\/2668681"},{"Id":"2670284","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2018-2458] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2670284"},{"Id":"2671160","SAP_Component":"BC-CTS-TMS","Title":"[CVE-2018-2441] Fehlende Eingabepr\u00c3\u00bcfung in ABAP Change and Transport System (CTS)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-21","First_released_on":"2018-08-14","Link":"https:\/\/me.sap.com\/notes\/2671160"},{"Id":"2672919","SAP_Component":"MOB-ONP-OOD","Title":"[CVE-2018-2459] Information disclosure in SAP Mobile Platform server Offline OData","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2672919"},{"Id":"2673959","SAP_Component":"PA-FIO-PRO","Title":"[CVE-2018-2461] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP HCM Fiori-App \"Mitarbeiterprofil\"","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2673959"},{"Id":"2674215","SAP_Component":"MFG-PCO","Title":"Denial-of-Service (DOS) in OPC-UA-Anwendungen von SAP Plant Connectivity","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2674215"},{"Id":"2675696","SAP_Component":"BC-TRX-API","Title":"[CVE-2018-2478] Remote Code Execution on TREX\/BWA","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2675696"},{"Id":"2675775","SAP_Component":"CRM-MW","Title":"Switchable Authorization checks for RFC in CRM Middleware","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/2675775"},{"Id":"2676094","SAP_Component":"BI-BIP-BIW","Title":"[CVE-2018-2479] Cross-Site-Scripting-Schwachstelle im BI-Arbeitsbereich","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2676094"},{"Id":"2677002","SAP_Component":"SV-SMG-INS-CFG-MNG","Title":"Unzul\u00c3\u00a4ssige Kennwortverarbeitung in SAP Solution Manager","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-08-23","Link":"https:\/\/me.sap.com\/notes\/2677002"},{"Id":"2678615","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2018-2468] Offenlegung von Informationen in SAP Adaptive Server Enterprise\/Backup-Server","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2678615"},{"Id":"2679378","SAP_Component":"BC-WD-JAV","Title":"[CVE-2018-2464] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver WebDynpro Java","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2679378"},{"Id":"2679788","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2018-2457] Offenlegung von Informationen in SAP Adaptive Server Enterprise","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2679788"},{"Id":"2679789","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2018-2469] Offenlegung von Informationen in SAP Adaptive Server Enterprise","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2679789"},{"Id":"2680492","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2018-2502] Unsichere HTTP-Methode in Serviceschicht von SAP Business One aktiviert","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2680492"},{"Id":"2680834","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2018-2463] Server-Side-Request-Forgery-Schwachstelle (SSRF) in SAP Hybris Commerce","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2680834"},{"Id":"2681207","SAP_Component":"HAN-AS-XS","Title":"[CVE-2018-2465] Schwachstelle im Zusammenhang mit fehlender XML-Pr\u00c3\u00bcfung in den erweiterten Anwendungsservices von SAP HANA, klassisches Modell","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-09-20","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2681207"},{"Id":"2681280","SAP_Component":"HAN-SDS","Title":"Security vulnerability in Spring Framework library used by SAP HANA Streaming Analytics","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"HotNews","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2681280"},{"Id":"2682503","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2018-2460] Unsichere Zertifikatsverifizierung in Android-App f\u00c3\u00bcr SAP Business One","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2018-09-11","First_released_on":"2018-09-11","Link":"https:\/\/me.sap.com\/notes\/2682503"},{"Id":"2684760","SAP_Component":"BC-BSP","Title":"[CVE-2018-2470] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP Business Server Pages","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-18","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2684760"},{"Id":"2686535","SAP_Component":"MFG-MII","Title":"[CVE-2019-0267] Cross-Site Request Forgery in Implementierung von SAP Manufacturing Integration and Intelligence","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2686535"},{"Id":"2687663","SAP_Component":"BI-RA-CRV","Title":"[CVE-2019-0285] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Crystal Reports","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-04-09","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2687663"},{"Id":"2688018","SAP_Component":"PA-FIO-LEA","Title":"[CVE-2018-2474] Cross-Site-Request-Forgery-Schwachstelle (CSRF) in SAP-App 'Abwesenheitsantr\u00c3\u00a4ge genehmigen' (V2)","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2688018"},{"Id":"2688383","SAP_Component":"SCM-BAS-EHS-DG","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in Gefahrgutabwicklung der EHS Services in SCM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2688383"},{"Id":"2689259","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2019-0268] Schwachstelle mit Blick auf fehlende XML-Validierung im CMC-Modul der BI-Plattform-Server f\u00c3\u00bcr SAP BusinessObjects","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2689259"},{"Id":"2689925","SAP_Component":"BC-JAS-SEC-LGN","Title":"[CVE-2019-0275] Cross-Site-Scripting-Schwachstelle (XSS) in der Demo-App von SAP NW SAML 1.1 SSO","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2689925"},{"Id":"2690274","SAP_Component":"FI-CF-INF","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC in SAP Central Finance - Datenfluss\u00c3\u00bcberpr\u00c3\u00bcfung","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2690274"},{"Id":"2691126","SAP_Component":"MOB-FC","Title":"[CVE-2018-2485] Sicherheitsschwachstellen in SAP Fiori Client","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2691126"},{"Id":"2693083","SAP_Component":"CA-GTF-RCM","Title":"[CVE-2018-2481] Nutzen von Berechtigungen \u00c3\u00bcber Kundentransaktionscode","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2693083"},{"Id":"2693962","SAP_Component":"BI-BIP-BIW","Title":"[CVE-2019-0269] Cross-Site-Scripting-Schwachstelle (XSS) im BI-Arbeitsbereich von SAP BusinessObjects","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2693962"},{"Id":"2695210","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2020-6189] Schwachstelle mit Blick auf Offenlegung von Informationen in Central Management Console von SAP BusinessObjects Business Intelligence","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2695210"},{"Id":"2695776","SAP_Component":"MOB-SDK-ODP","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Mobile Platform Native SDK, Android","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-01-14","Link":"https:\/\/me.sap.com\/notes\/2695776"},{"Id":"2696233","SAP_Component":"BC-MID-SCC","Title":"[CVE-2019-0246] Mehrere Schwachstellen im SAP Cloud Connector","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2696233"},{"Id":"2696714","SAP_Component":"BI-RA-WBI-SDK","Title":"[CVE-2019-0262] Cross-Site-Scripting-Schwachstelle (XSS) im Web-Intelligence-BI-Launchpad","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2696714"},{"Id":"2696889","SAP_Component":"PA-FIO-LEA","Title":"[CVE-2018-2474] Cross-Site-Request-Forgery-Schwachstelle (CSRF) in SAP-App 'Abwesenheitsantr\u00c3\u00a4ge genehmigen' (V2)","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2696889"},{"Id":"2696962","SAP_Component":"MOB-SDK-IOS","Title":"Denial-of-Service-Schwachstelle (DoS) in SAPFoundation\/Datenbank","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-10-09","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2696962"},{"Id":"2697573","SAP_Component":"CEC-COM-CPS-WEB","Title":"[CVE-2019-0238] Cross-Site-Scripting-(XSS)-Schwachstelle in SAP Commerce (fr\u00c3\u00bcher SAP Hybris Commerce)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2697573"},{"Id":"2698996","SAP_Component":"BC-CUS-TOL-CST","Title":"[CVE-2018-2494] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Customizing Tools","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2698996"},{"Id":"2699233","SAP_Component":"EPM-EA-DEP","Title":"[CVE-2018-2499] Information Disclosure in SAP Financial Consolidation Cube Designer","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2699233"},{"Id":"2699726","SAP_Component":"BC-CP-K8S","Title":"[CVE-2018-2475] Fehlende Netzwerkisolierung in Gardener","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-10-31","First_released_on":"2018-10-09","Link":"https:\/\/me.sap.com\/notes\/2699726"},{"Id":"2701027","SAP_Component":"BI-BIP-MON","Title":"[CVE-2019-0398] Cross-Site-Request-Forgery-Schwachstelle (CSRF-Schwachstelle) in SAP-BusinessObjects-Business-Intelligence-Plattform (Monitoring-Anwendung)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-12-10","First_released_on":"2019-12-10","Link":"https:\/\/me.sap.com\/notes\/2701027"},{"Id":"2701410","SAP_Component":"EPM-DSM-GEN","Title":"[CVE-2018-2487] Zip Slip in SAP Disclosure Management","CVSS_Score":"0.0","CVSS_Vector":"","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2018-11-13","First_released_on":"2018-11-13","Link":"https:\/\/me.sap.com\/notes\/2701410"},{"Id":"2704878","SAP_Component":"HAN-DB-SEC","Title":"[CVE-2018-2497] Ereignis ist im Audit-Protokoll der SAP-HANA-Datenbank nicht protokolliert","CVSS_Score":"2.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2704878"},{"Id":"2705204","SAP_Component":"CEC-MKT-MEM","Title":"[CVE-2018-2486] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Marketing Content Studio","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2705204"},{"Id":"2705945","SAP_Component":"FI-LOC-SRF-RUN","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in SAP S\/4HANA f\u00c3\u00bcr erweitertes Compliance-Reporting\/\"Erweiterte gesetzliche Berichte ausf\u00c3\u00bchren\"","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-25","First_released_on":"2019-01-17","Link":"https:\/\/me.sap.com\/notes\/2705945"},{"Id":"2706798","SAP_Component":"EPM-DSM-GEN","Title":"[CVE-2019-0254] Cross-Site-Scripting-(XSS)-Schwachstelle in SAP Disclosure Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2706798"},{"Id":"2707024","SAP_Component":"MOB-AFA-DEV","Title":"[CVE-2018-2500] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Mobile Secure f\u00c3\u00bcr Android-Client","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2707024"},{"Id":"2709897","SAP_Component":"BC-EAD","Title":"Directory Traversal vulnerability in SAP Enterprise Architecture Designer v1.0 SP04","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2709897"},{"Id":"2711074","SAP_Component":"FI-LOC-SRF-DEF","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in SAP S\/4HANA f\u00c3\u00bcr erweitertes Compliance-Reporting\/\"Erweiterte gesetzliche Berichte definieren\"","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Vorgezogene Entwicklung","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2711074"},{"Id":"2711425","SAP_Component":"CEC-COM-CPS-CKP","Title":"[CVE-2018-2505] Cross-Site-Scripting-Schwachstelle (XSS-Schwachstelle) in SAP Hybris Commerce Storefronts","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"HotNews","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2711425"},{"Id":"2718993","SAP_Component":"BC-JAS-WEB","Title":"[CVE-2018-2504] Cross-Site Scripting mittels Host-Header in SAP NetWeaver AS Java","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Customizing","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2018-12-11","First_released_on":"2018-12-11","Link":"https:\/\/me.sap.com\/notes\/2718993"},{"Id":"2719415","SAP_Component":"FI-LOC-SRF-RUN","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in SAP S\/4HANA f\u00c3\u00bcr erweitertes Compliance-Reporting\/\"Erweiterte gesetzliche Berichte ausf\u00c3\u00bchren\"","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-28","First_released_on":"2019-01-28","Link":"https:\/\/me.sap.com\/notes\/2719415"},{"Id":"2719440","SAP_Component":"SRM-EBP-INT","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in S\/4HANA","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2719440"},{"Id":"2719530","SAP_Component":"BC-SRV-COM-FTP","Title":"[CVE-2019-0304] Code-Injection-Schwachstelle in SAP NetWeaver AS ABAP Platform (FTP-Funktion)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2719530"},{"Id":"2723142","SAP_Component":"OPU-GW-COR","Title":"[CVE-2019-0248] Offenlegung von Informationen in SAP Gateway des ABAP Application Server","CVSS_Score":"4.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2723142"},{"Id":"2723570","SAP_Component":"BC-ABA-SC","Title":"[CVE-2019-0255] ABAP-Plattform bietet Zugriff auf Easy-Access-Men\u00c3\u00bc","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2723570"},{"Id":"2723878","SAP_Component":"SBO-MOB-APP","Title":"[CVE-2019-0256] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One Mobile-App f\u00c3\u00bcr Android","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2723878"},{"Id":"2724014","SAP_Component":"EPM-DSM-GEN","Title":"[CVE-2019-0258] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Disclosure Management","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2724014"},{"Id":"2724059","SAP_Component":"MOB-APP-BI-AND","Title":"[CVE-2019-0240] Denial-of-Service (DoS) in SAP BusinessObjects Mobile f\u00c3\u00bcr Android","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2724059"},{"Id":"2724713","SAP_Component":"BC-XS-RT","Title":"[CVE-2019-0266] M\u00c3\u00b6gliche Offenlegung von Informationen bei in den Erweiterten Anwendungsservices von SAP HANA, erweitertes Modell","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2724713"},{"Id":"2724788","SAP_Component":"XX-PART-ADB-PRN","Title":"Diverse Schwachstellen in Adobe PDF Print Library","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-01-18","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2724788"},{"Id":"2725538","SAP_Component":"MOB-SDK-AGC","Title":"[CVE-2019-0241] Denial-of-Service-Schwachstelle (DoS) in SAP Work Manager und SAP Inventory Manager","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2725538"},{"Id":"2726124","SAP_Component":"IS-A","Title":"Missing Authorization Check in multiple components under SAP Automotive Solutions","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-27","First_released_on":"2022-06-28","Link":"https:\/\/me.sap.com\/notes\/2726124"},{"Id":"2727564","SAP_Component":"BI-BIP-VD","Title":"[CVE-2019-0259] Schwachstelle bzgl. uneingeschr\u00c3\u00a4nktem Datei-Upload in BO 4.2\/Visual Difference","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2727564"},{"Id":"2727623","SAP_Component":"BW4-DM-MD","Title":"[CVE-2019-0243] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP BW\/4HANA","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2727623"},{"Id":"2727624","SAP_Component":"BC-VCM-LVM","Title":"[CVE-2019-0249] Offenlegung von Informationen in SAP Landscape Management","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-01-08","First_released_on":"2019-01-08","Link":"https:\/\/me.sap.com\/notes\/2727624"},{"Id":"2727689","SAP_Component":"BC-ABA-SC","Title":"[CVE-2019-0270] Fehlende Berechtigungspr\u00c3\u00bcfung in ABAP Server von SAP NetWeaver","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2727689"},{"Id":"2728153","SAP_Component":"IS-A-DP","Title":"[CVE-2019-0311] Cross-Site-Scripting-Schwachstelle (XSS) im H\u00c3\u00a4ndler-Portal f\u00c3\u00bcr die Automobilindustrie von SAP-R\/3-Unternehmensanwendung","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2728153"},{"Id":"2728839","SAP_Component":"BC-CUS-TOL-IMG","Title":"[CVE-2019-0257] Fehlende Berechtigungspr\u00c3\u00bcfung in der ABAP-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2728839"},{"Id":"2729710","SAP_Component":"BC-CCM-SLD-REG","Title":"[CVE-2019-0265] XML External Entity (XXE): Schwachstelle in der SLD-Registrierung von SAP NetWeaver und der ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-04-09","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2729710"},{"Id":"2730227","SAP_Component":"FI-CF-APR","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung im zentralen Zahlen von SAP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-12-10","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2730227"},{"Id":"2731871","SAP_Component":"CA-CPD-WS","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Commercial Project Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2731871"},{"Id":"2732527","SAP_Component":"MFG-PCO","Title":"Schwachstelle f\u00c3\u00bcr m\u00c3\u00b6glichen Oracle-Angriff auf OPC-UA-Server in SAP Plant Connectivity","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Beratung","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2732527"},{"Id":"2733219","SAP_Component":"FIN-FIO-CCD","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in SAP-Fiori-App \"Forderungsliste bearbeiten\"","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-23","First_released_on":"2019-07-23","Link":"https:\/\/me.sap.com\/notes\/2733219"},{"Id":"2733972","SAP_Component":"BW-BEX-OT-BICS-INA","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in BICS-InA-Schnittstelle","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-02-26","First_released_on":"2019-02-26","Link":"https:\/\/me.sap.com\/notes\/2733972"},{"Id":"2734580","SAP_Component":"BC-MID-ICF-LGN","Title":"Offenlegung von Informationen im SAP-ABAP-Server","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2734580"},{"Id":"2734675","SAP_Component":"FIN-FSCM-CLM-BAM","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Cash Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-12-10","First_released_on":"2019-12-10","Link":"https:\/\/me.sap.com\/notes\/2734675"},{"Id":"2735924","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2019-0352] Falsches Sitzungsmanagement in SAP-BusinessObjects-Business-Intelligence-Plattform (CMC)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:P\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2735924"},{"Id":"2736825","SAP_Component":"BC-ABA-XML","Title":"[CVE-2019-0271] Schwachstelle in ABAP Server in Verbindung mit einem Denial-of-Service per XML External Entity (XXE)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Beratung","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2736825"},{"Id":"2737278","SAP_Component":"BI-BIP-SRV","Title":"[CVE-2019-0287] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform \/ Central Management Server","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2737278"},{"Id":"2738065","SAP_Component":"EHS-SUS-FND","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP EHS (aufgabenbezogene Anwendungen)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2738065"},{"Id":"2738791","SAP_Component":"BC-JAS-SF","Title":"[CVE-2019-0318] Offenlegung von Informationen in SAP NetWeaver AS Java (Startup-Framework)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2738791"},{"Id":"2738796","SAP_Component":"BI-RA-AWB","Title":"[CVE-2019-0289] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform \/ SAP Analysis f\u00c3\u00bcr OLAP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2738796"},{"Id":"2740951","SAP_Component":"LO-INT-COD","Title":"Fehlende Berechtigungspr\u00c3\u00bcfungen in RFC-f\u00c3\u00a4higen Funktionsbausteinen","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2740951"},{"Id":"2741201","SAP_Component":"BC-XI-CON-MSG","Title":"[CVE-2019-0278] Offenlegung von Informationen in der SAP NetWeaver Process Integration (Meldungssystem)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-04-09","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2741201"},{"Id":"2741937","SAP_Component":"FI-CF-CO","Title":"SQL-Injection-Schwachstelle in Central-Finance-CO","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-12-10","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2741937"},{"Id":"2742027","SAP_Component":"BC-XS-SEC","Title":"[CVE-2019-0261] Fehlende Berechtigungspr\u00c3\u00bcfung in den Erweiterten Anwendungsservices von SAP HANA, erweitertes Modell","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-02-12","First_released_on":"2019-02-12","Link":"https:\/\/me.sap.com\/notes\/2742027"},{"Id":"2742468","SAP_Component":"BI-BIP-INV","Title":"[CVE-2019-0331] Mehrere Schwachstellen in SAP-BusinessObjects-Business-Intelligence-Plattform (BI-Arbeitsbereich, InfoView and CMC)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2742468"},{"Id":"2742758","SAP_Component":"BC-XI-IS-WKB","Title":"[CVE-2019-0282] Offenlegung von Informationen in SAP NetWeaver PI Runtime Workbench","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-04-09","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2742758"},{"Id":"2743011","SAP_Component":"LO-RFM-MD-SIT","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in DRF - Betriebsstammverteilung \/ WBTIMEX","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2743011"},{"Id":"2743329","SAP_Component":"FIN-FSCM-IHC","Title":"Schaltbare Berechtigungspr\u00c3\u00bcfungen f\u00c3\u00bcr RFC-Baustein in SAP In-House Cash","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/2743329"},{"Id":"2744086","SAP_Component":"BC-XI-IBF-UI","Title":"[CVE-2019-0312] Information Disclosure in SAP NetWeaver Process Integration","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2744086"},{"Id":"2744937","SAP_Component":"FIN-FSCM-TRM-TM","Title":"[CVE-2019-0280] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Treasury and Risk Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2744937"},{"Id":"2745211","SAP_Component":"BC-XI-CON-AXS","Title":"Offenlegung von Informationen, PI-Axis-Adapter","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-28","First_released_on":"2019-12-10","Link":"https:\/\/me.sap.com\/notes\/2745211"},{"Id":"2745860","SAP_Component":"BC-XI-IBD-INF","Title":"Offenlegung von Informationen im Enterprise Services Repository der SAP Process Integration","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2021-05-11","Link":"https:\/\/me.sap.com\/notes\/2745860"},{"Id":"2745917","SAP_Component":"BC-XI-IBF-UI","Title":"[CVE-2019-0316] Cross-Site Scripting (XSS) vulnerability in Integration Builder of SAP NetWeaver Process Integration","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2745917"},{"Id":"2746946","SAP_Component":"FI-CA-INV-FIO","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Convergent Invoicing","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2746946"},{"Id":"2747062","SAP_Component":"BC-WD-ABA","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in SAP Web Dynpro ABAP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-28","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2747062"},{"Id":"2747683","SAP_Component":"BC-XI-CON-AXS","Title":"[CVE-2019-0283] SAP NetWeaver Process Integration (Adapter Engine): Schwachstelle in Bezug auf einen m\u00c3\u00b6glichen Spoofing-Angriff auf digitale Signaturen","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:C\/C:L\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-04-09","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2747683"},{"Id":"2748048","SAP_Component":"BC-SEC-LGN","Title":"Verwendung von Berechtigungen im ABAP-Server von SAP NetWeaver und ABAP-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-04-09","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2748048"},{"Id":"2748063","SAP_Component":"BC-SEC-LGN-SML","Title":"Falsches Session-Management im ABAP-Server von SAP NetWeaver und ABAP-Plattform","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:P\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2748063"},{"Id":"2748699","SAP_Component":"SV-SMG-DIA-WLY-EMS","Title":"[CVE-2019-0291] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Solution Manager 7.2\/CA Introscope Enterprise Manager","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2748699"},{"Id":"2751470","SAP_Component":"BI-BIP-SL-ENG-BW","Title":"[CVE-2019-0348] Verschl\u00c3\u00bcsselung nicht erzwungen in SAP-BusinessObjects-Business-Intelligence-Plattform (Web Intelligence)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2751470"},{"Id":"2751806","SAP_Component":"CRM-BF-ML","Title":"[CVE-2019-0368] Cross-Site Scripting (XSS) vulnerability in Customer relationship management (Email management)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-10-08","First_released_on":"2019-10-08","Link":"https:\/\/me.sap.com\/notes\/2751806"},{"Id":"2752614","SAP_Component":"OPU-GW-COR","Title":"[CVE-2019-0319] Content-Injection-Schwachstelle in SAP Gateway","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2752614"},{"Id":"2753497","SAP_Component":"MOB-SDK-AGC","Title":"[CVE-2019-0274] Denial-of-Service-Schwachstelle (DoS) in SAP Work Manager und SAP Inventory Manager","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2753497"},{"Id":"2753595","SAP_Component":"BC-FES-BUS-DSK","Title":"SAP NetWeaver Business Client zeigt keinen Warndialog f\u00c3\u00bcr bestimmte ung\u00c3\u00bcltige Serverzertifikate an","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2753595"},{"Id":"2753629","SAP_Component":"BC-INS-FWK","Title":"[CVE-2019-0279] Fehlende Berechtigungspr\u00c3\u00bcfung f\u00c3\u00bcr ABAP-INST-Funktionsbaustein","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-04-09","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2753629"},{"Id":"2754235","SAP_Component":"FS-FPS-SLA","Title":"[CVE-2019-0276] Inad\u00c3\u00a4quate Berechtigungspr\u00c3\u00bcfung im Bankwesen aus SAP und in SAP S\/4HANA f\u00c3\u00bcr das Nebenbuch f\u00c3\u00bcr Finanzprodukte","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2754235"},{"Id":"2754546","SAP_Component":"BI-LUM-COR","Title":"M\u00c3\u00b6gliche Offenlegung von Informationen in SAP Lumira, Designer Edition","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2754546"},{"Id":"2754555","SAP_Component":"FI-FIO-AP","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) im Backend von App F0673 (\"Bankzahlungen genehmigen\")","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-05-10","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/2754555"},{"Id":"2755438","SAP_Component":"BC-XI-IBF-UI","Title":"[CVE-2019-0315] Information Disclosure in Integration Builder Framework of SAP NetWeaver Process Integration","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2755438"},{"Id":"2755502","SAP_Component":"BC-XI-IBF-UI","Title":"[CVE-2019-0305] Clickjacking vulnerability in Integration Builder Framework of SAP NetWeaver Process Integration","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2755502"},{"Id":"2756188","SAP_Component":"FI-FIO-AP","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) im Frontend von App F0673 (\"Bankzahlungen genehmigen\")","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-05-10","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/2756188"},{"Id":"2756453","SAP_Component":"CRM-S4-IC-BF","Title":"Insufficient page protection in S\/4HANA for customer management","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2756453"},{"Id":"2756539","SAP_Component":"CA-UI5-CTR-ROD","Title":"[CVE-2019-0281] Cross-Site-Scripting-Schwachstelle (XSS) in SAPUI5 und OpenUI5","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2756539"},{"Id":"2756551","SAP_Component":"IS-OIL-DS-TSW","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in TSW-Logistikkettenvisualisierung","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2756551"},{"Id":"2756625","SAP_Component":"SV-SMG-SDD","Title":"[CVE-2019-0293] Fehlende Authentifizierungspr\u00c3\u00bcfung in Pr\u00c3\u00bcfung f\u00c3\u00bcr RFC-Destinationen im SAP Solution Manager und verwalteten ABAP-Systemen","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2756625"},{"Id":"2758000","SAP_Component":"EPM-DSM-GEN","Title":"[CVE-2020-6267] Multiple vulnerabilities in SAP Disclosure Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2758000"},{"Id":"2764283","SAP_Component":"BC-XS-RT","Title":"[CVE-2019-0277] Schwachstelle im Zusammenhang mit der XML External Entity in SAP HANA Extended Application Services, Advanced","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-03-12","First_released_on":"2019-03-12","Link":"https:\/\/me.sap.com\/notes\/2764283"},{"Id":"2764513","SAP_Component":"BI-RA-WBI-BE-DP","Title":"[CVE-2019-0333] Schwachstelle mit Blick auf Offenlegung von Informationen in Business-Intelligence-Plattform von SAP BusinessObjects (Web Intelligence und CMC)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2764513"},{"Id":"2764733","SAP_Component":"BI-BIP-BIW","Title":"[CVE-2019-0326] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (BI-Arbeitsbereich)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2764733"},{"Id":"2768864","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2019-0353] Schwachstelle mit Blick auf Offenlegung von Informationen im SAP-Business-One-Client","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2019-09-10","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2768864"},{"Id":"2771128","SAP_Component":"BC-XS-SEC","Title":"[CVE-2019-0306] Offenlegung von Informationen bei in den Erweiterten Anwendungsservices von SAP HANA, erweitertes Modell","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2771128"},{"Id":"2771221","SAP_Component":"BI-BIP-BIW","Title":"[CVE-2019-0334] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (BI-Arbeitsbereich)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2771221"},{"Id":"2772266","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"[CVE-2019-0307] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Solution Manager 7.2 (Diagnostics-Agent)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2772266"},{"Id":"2772325","SAP_Component":"EPM-DSM-GEN","Title":"[CVE-2020-6303] Improper input validation in SAP Disclosure Management","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-01-14","First_released_on":"2020-01-13","Link":"https:\/\/me.sap.com\/notes\/2772325"},{"Id":"2772376","SAP_Component":"HAN-DB","Title":"[CVE-2019-0284] Schwachstelle im Zusammenhang mit der XML External Entity in SAP HANA SLDREG","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-04-09","First_released_on":"2019-04-09","Link":"https:\/\/me.sap.com\/notes\/2772376"},{"Id":"2773086","SAP_Component":"CRM-ISA-BAS","Title":"[CVE-2019-0298] Cross-Site-Scripting-Schwachstelle (XSS-Schwachstelle) in Anwendung SAP E-Commerce (Business-to-Consumer)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2773086"},{"Id":"2773493","SAP_Component":"CRM-ISA-BCS","Title":"[CVE-2019-0308] Code Injection vulnerability in SAP E-Commerce (Business-to-Consumer) Application","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:N\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2773493"},{"Id":"2773888","SAP_Component":"BC-MID-ICF","Title":"[CVE-2019-0321] Cross-Site-Scripting-Schwachstelle (XSS) in ABAP-Server und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2773888"},{"Id":"2774489","SAP_Component":"BC-XI-IS-IEN","Title":"[CVE-2019-0328] Code-Injection-Schwachstelle in ABAP-Testmodulen der SAP-NetWeaver-Process-ntegration","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:N\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2774489"},{"Id":"2774742","SAP_Component":"BC-SRV-KPR","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in ABAP-Server und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2774742"},{"Id":"2776558","SAP_Component":"FS-TXS","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Funding Management","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-04-23","First_released_on":"2019-04-23","Link":"https:\/\/me.sap.com\/notes\/2776558"},{"Id":"2777910","SAP_Component":"BC-JAS-WEB","Title":"[CVE-2019-0327] Uneingeschr\u00c3\u00a4nkte Datei-Upload-Schwachstelle in SAP NetWeaver AS Java (Web Container)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2777910"},{"Id":"2781873","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2019-0322] Denial-of-Service-Schwachstelle (DoS) in SAP Commerce Cloud","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2781873"},{"Id":"2784307","SAP_Component":"BC-IAM-IDM","Title":"[CVE-2019-0301] Eskalation von Berechtigungen in SAP Identity Management REST Interface Version 2","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-05-14","First_released_on":"2019-05-14","Link":"https:\/\/me.sap.com\/notes\/2784307"},{"Id":"2784596","SAP_Component":"FI-LOC-SRF-RUN","Title":"Cross-Site Request Forgery (CSRF) vulnerability in Run Compliance Report","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2019-10-08","Link":"https:\/\/me.sap.com\/notes\/2784596"},{"Id":"2786035","SAP_Component":"CEC-COM-CPS-CKP","Title":"[CVE-2019-0344] Code-Injection-Schwachstellen in SAP Commerce Cloud (Erweiterungen mediaconversion und virtualjdbc)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2786035"},{"Id":"2786151","SAP_Component":"BC-MID-RFC","Title":"[CVE-2019-0365] Denial-of-Service-Angriff (DoS) in SAP Kernel (RFC), SAP GUI for Windows und SAP GUI for Java","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-09-24","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2786151"},{"Id":"2788178","SAP_Component":"CA-WUI-UI-TAG","Title":"[CVE-2023-24525] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM WebClient UI","CVSS_Score":"4.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/2788178"},{"Id":"2789866","SAP_Component":"BC-XI-CON-JPR","Title":"[CVE-2019-0337] Cross-Site-Scripting-Schwachstelle (XSS) in der Java Proxy Runtime der SAP NetWeaver Process Integration","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-01-26","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2789866"},{"Id":"2792430","SAP_Component":"BC-SYB-SQA","Title":"[CVE-2019-0381] Binary-Planting-Schwachstelle in SAP SQL Anywhere, SAP IQ und SAP Dynamic Tiering","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-10-08","First_released_on":"2019-10-08","Link":"https:\/\/me.sap.com\/notes\/2792430"},{"Id":"2793351","SAP_Component":"OPU-GW-COR","Title":"[CVE-2019-0338]Offenlegung von Informationen in SAP Gateway","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2793351"},{"Id":"2793805","SAP_Component":"MOB-SYC-SAP-IM","Title":"[CVE-2019-0314] Denial of service (DOS) in SAP Work Manager and SAP Inventory Manager","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-06-11","First_released_on":"2019-06-11","Link":"https:\/\/me.sap.com\/notes\/2793805"},{"Id":"2794564","SAP_Component":"SV-SMG-OST","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Solution Manager (RFCs f\u00c3\u00bcr Focused Build)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-10-08","First_released_on":"2019-10-08","Link":"https:\/\/me.sap.com\/notes\/2794564"},{"Id":"2794742","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2019-0340] Mehrere Sicherheitsschwachstellen in SAP Enable Now","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2794742"},{"Id":"2798133","SAP_Component":"PY-ES","Title":"[CVE-2019-0325] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP HCM","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-26","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2798133"},{"Id":"2798243","SAP_Component":"HAN-DB","Title":"[CVE-2019-0350] Denial-of-Service (DoS) in SAP-HANA-Datenbank","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2798243"},{"Id":"2798336","SAP_Component":"BC-JAS-WEB","Title":"[CVE-2019-0355] Code-Injection-Schwachstelle in SAP NetWeaver Application Server for Java (Web Container)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-09-10","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2798336"},{"Id":"2798743","SAP_Component":"BC-SEC-AUT","Title":"[CVE-2019-0349] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP-Kernel (ABAP Debugger)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2798743"},{"Id":"2800779","SAP_Component":"BC-ESI-UDDI","Title":"[CVE-2019-0351] Remote-Ausf\u00c3\u00bchrung von Code (RCE) in SAP NetWeaver UDDI Server (Services Registry)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2800779"},{"Id":"2802521","SAP_Component":"BC-XI-IS-WKB","Title":"[CVE-2019-0356] Offenlegung von Informationen in der XI Runtime Workbench von SAP NetWeaver Process Integration","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-09-10","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2802521"},{"Id":"2803353","SAP_Component":"SBO-CRO-SEC","Title":"Mehrere Schwachstellen in SAP Business One (Browserzugriffsprozess-Monitor und Integration Framework)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-09-10","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2803353"},{"Id":"2803554","SAP_Component":"PPM-PRO","Title":"[CVE-2019-0399] M\u00c3\u00b6gliche Offenlegung von Informationen in SAP Portfolio and Project Management","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-12-10","First_released_on":"2019-12-10","Link":"https:\/\/me.sap.com\/notes\/2803554"},{"Id":"2804833","SAP_Component":"EIM-IS","Title":"[CVE-2019-0329] Cross-Site-Scripting-(XSS)-Schwachstelle in SAP Information Steward 4.2","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2804833"},{"Id":"2805777","SAP_Component":"BC-XI-CON-B2B-ICP","Title":"[CVE-2019-0367] Fehlende Berechtigungspr\u00c3\u00bcfung im B2B Content Manager des B2B-Add-Ons f\u00c3\u00bcr SAP NetWeaver Process Integration","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-10-08","First_released_on":"2019-10-08","Link":"https:\/\/me.sap.com\/notes\/2805777"},{"Id":"2806198","SAP_Component":"BC-ESI-UDDI","Title":"[CVE-2020-6203] Pfadmanipulation in SAP NetWeaver UDDI Server (Services Registry)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2806198"},{"Id":"2806403","SAP_Component":"EPM-BFC-TCL","Title":"[CVE-2019-0370] Multiple Vulnerabilities in SAP Financial Consolidation","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-10-08","First_released_on":"2019-10-08","Link":"https:\/\/me.sap.com\/notes\/2806403"},{"Id":"2808158","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"[CVE-2019-0330] BS-Befehl-Code-Injection-Schwachstelle in SAP-Diagnostics-Agent","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-11-12","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2808158"},{"Id":"2812152","SAP_Component":"BC-ABA-LA","Title":"Aktualisierung 1 zu Sicherheitshinweis 2643447","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-07-09","First_released_on":"2019-07-09","Link":"https:\/\/me.sap.com\/notes\/2812152"},{"Id":"2813811","SAP_Component":"BC-JAS-ADM-MON","Title":"[CVE-2019-0345 ]Serverseitige Request Forgery im SAP-NetWeaver-Anwendungsserver f\u00c3\u00bcr Java (Administrator-System\u00c3\u00bcbersicht)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-08-13","First_released_on":"2019-08-13","Link":"https:\/\/me.sap.com\/notes\/2813811"},{"Id":"2814007","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2019-0396] Schwachstelle mit Blick auf fehlende XML-Validierung in SAP-BusinessObjects-Business-Intelligence-Plattform (Web-Intelligence-HTML-Schnittstelle)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2814007"},{"Id":"2814357","SAP_Component":"BC-MID-CON-JCO","Title":"[CVE-2019-0389] Eskalation von Berechtigungen in SAP NetWeaver Application Server Java","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2814357"},{"Id":"2814462","SAP_Component":"FI-LOC-FI-BR","Title":"Missing Authorization Check in S\/4Hana ACR Brazil Option Features","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-26","First_released_on":"2019-11-26","Link":"https:\/\/me.sap.com\/notes\/2814462"},{"Id":"2816035","SAP_Component":"QM","Title":"[CVE-2019-0393] SQL-Injection-Schwachstelle in SAP-Qualit\u00c3\u00a4tsmanagement","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2816035"},{"Id":"2817491","SAP_Component":"BC-XS-SEC","Title":"[CVE-2019-0363] Mehrere Sicherheitsschwachstellen in den Erweiterten Anwendungsservices von SAP HANA (erweitertes Modell)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-09-10","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2817491"},{"Id":"2817937","SAP_Component":"BI-RA-WBI-FE","Title":"[CVE-2019-0382] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Plattform (Web Intelligence)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2817937"},{"Id":"2817945","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2019-0374] Mehrere Cross-Site-Scripting-Schwachstellen (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (Web-Intelligence-HTML-Schnittstelle)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-10-08","First_released_on":"2019-10-08","Link":"https:\/\/me.sap.com\/notes\/2817945"},{"Id":"2818963","SAP_Component":"BC-XI-CON-AFW","Title":"Clickjacking-Schwachstelle in Adapterlaufzeit von SAP Process Integration","CVSS_Score":"5.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2818963"},{"Id":"2818965","SAP_Component":"BC-XI-IS-WKB","Title":"Clickjacking-Schwachstelle in Runtime Workbench von SAP Process Integration","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/2818965"},{"Id":"2819170","SAP_Component":"FIN-FSCM-TRM-TM-TR","Title":"[CVE-2019-0383] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Treasury and Risk Management (Gesch\u00c3\u00a4ftsverwaltung)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2819170"},{"Id":"2819233","SAP_Component":"BC-WD-ABA","Title":"Offenlegung von Informationen in Web-Dynpro-ABAP-Anwendungen","CVSS_Score":"5.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2819233"},{"Id":"2820607","SAP_Component":"SRM-CAT-MDM","Title":"[CVE-2019-0361] Cross-Site-Scripting (XSS) Schwachstelle in SAP Supplier Relationship Management (Master Data Management Catalog)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-09-10","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2820607"},{"Id":"2822074","SAP_Component":"BC-DWB-TOO-BOB","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver (ABAP Server)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-01-14","Link":"https:\/\/me.sap.com\/notes\/2822074"},{"Id":"2823733","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"Update 1 zu Sicherheitshinweis 2808158: [CVE-2019-0330] BS-Befehl-Code-Injection-Schwachstelle in SAP-Diagnostics-Agent","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-11-12","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2823733"},{"Id":"2824209","SAP_Component":"BC-XI-IBC","Title":"Clickjacking-Schwachstelle in SAP Process Integration (Integration Builder Framework)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2824209"},{"Id":"2826015","SAP_Component":"BC-XI-CON-B2B-AS2","Title":"[CVE-2019-0379] Fehlende Berechtigungspr\u00c3\u00bcfung im AS2-Adapter des B2B-Add-Ons f\u00c3\u00bcr SAP NetWeaver Process Integration","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-10-08","First_released_on":"2019-10-08","Link":"https:\/\/me.sap.com\/notes\/2826015"},{"Id":"2826092","SAP_Component":"CRM-IPS-BTX-APL","Title":"[CVE-2023-33986] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM ABAP (F\u00c3\u00b6rdermittelvergabe)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2023-06-13","Link":"https:\/\/me.sap.com\/notes\/2826092"},{"Id":"2826528","SAP_Component":"BC-JAS-WEB","Title":"[CVE-2020-6224] Offenlegung von Informationen in SAP NetWeaver Application Server Java (HTTP-Service)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-12-22","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2826528"},{"Id":"2826782","SAP_Component":"MOB-APP-BI-SRV","Title":"[CVE-2020-6196] Denial-of-Service (DoS) in SAP BusinessObjects Mobile (MobileBIService)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2826782"},{"Id":"2827086","SAP_Component":"IS-R-FRO","Title":"Mehrere Sicherheitsschwachstellen in FRP 5.4.0 und FR Engine 5.4.0","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-11-09","First_released_on":"2021-11-09","Link":"https:\/\/me.sap.com\/notes\/2827086"},{"Id":"2828558","SAP_Component":"BI-BIP-LCM","Title":"[CVE-2020-6245] Mehrere Schwachstellen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2828558"},{"Id":"2828682","SAP_Component":"BC-VCM-LVM","Title":"[CVE-2019-0380] Schwachstelle in SAP Landscape Management Enterprise bez\u00c3\u00bcglich der Offenlegung von Informationen","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2019-10-08","First_released_on":"2019-10-08","Link":"https:\/\/me.sap.com\/notes\/2828682"},{"Id":"2828981","SAP_Component":"FIN-FSCM-TRM-TM","Title":"[CVE-2019-0384] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Treasury and Risk Management (Gesch\u00c3\u00a4ftsverwaltung)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2828981"},{"Id":"2829681","SAP_Component":"HAN-DB","Title":"[CVE-2019-0357] Eskalation von Berechtigungen in der SAP-HANA-Datenbank","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-09-10","First_released_on":"2019-09-10","Link":"https:\/\/me.sap.com\/notes\/2829681"},{"Id":"2830578","SAP_Component":"BI-BIP-INV","Title":"[CVE-2019-0395] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (SAP Fiori BI Launchpad)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-12-10","First_released_on":"2019-12-10","Link":"https:\/\/me.sap.com\/notes\/2830578"},{"Id":"2833771","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2019-0385] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Enable Now","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Info zum Upgrade","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2833771"},{"Id":"2835226","SAP_Component":"BC-TWB-TST-ECA","Title":"[CVE-2019-0391] Offenlegung von Informationen in SAP NetWeaver Application Server Java (eCATT-Service)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2835226"},{"Id":"2835240","SAP_Component":"BC-XI-IGW","Title":"Clickjacking-Schwachstelle in Cloud-Integrations-Content von SAP Process Integration","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2835240"},{"Id":"2835979","SAP_Component":"SV-SMG-SDD","Title":"[CVE-2020-6262] Code-Injection-Schwachstelle im Service Data Download","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2835979"},{"Id":"2836445","SAP_Component":"BC-CCM-MON-OS","Title":"[CVE-2020-6183] Unberechtigter Zugriff auf technische Daten mit SAPOSCOL des SAP-Host-Agenten","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2836445"},{"Id":"2838835","SAP_Component":"BC-JAS-ADM-ADM","Title":"[CVE-2020-6190] Offenlegung von Informationen in SAP NetWeaver AS Java (Anwendung f\u00c3\u00bcr Heap-Dump)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2838835"},{"Id":"2839864","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"Update 2 zu Sicherheitshinweis 2808158: [CVE-2019-0330] BS-Befehl-Code-Injection-Schwachstelle in SAP-Diagnostics-Agent","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-04-14","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2839864"},{"Id":"2840520","SAP_Component":"SD-SLS","Title":"[CVE-2019-0386] Fehlende Berechtigungspr\u00c3\u00bcfung in ERP Sales und S\/4HANA Sales (SD-SLS)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2840520"},{"Id":"2841053","SAP_Component":"BC-CCM-HAG","Title":"[CVE-2020-6186] Denial-of-Service-Schwachstelle (DoS) in SAP Host Agent","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Beratung","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2841053"},{"Id":"2841874","SAP_Component":"FIN-FSCM-TRM-TM","Title":"[CVE-2020-6204] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Treasury and Risk Management (Gesch\u00c3\u00a4ftsverwaltung)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2841874"},{"Id":"2842034","SAP_Component":"EIM-DH","Title":"[CVE-2019-0390] Information Disclosure in  SAP Data Hub","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-11-12","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2842034"},{"Id":"2843016","SAP_Component":"CA-UI5-DLV","Title":"[CVE-2019-0388] Content-Spoofing-Schwachstelle im SAPUI5 HTTP Handler","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-12-14","First_released_on":"2019-11-12","Link":"https:\/\/me.sap.com\/notes\/2843016"},{"Id":"2845183","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2019-0405] Mehrere Sicherheitsschwachstellen in SAP Enable Now, Release 1911","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-12-10","First_released_on":"2019-12-10","Link":"https:\/\/me.sap.com\/notes\/2845183"},{"Id":"2845363","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2020-6197] Unzureichender Sitzungsablauf in SAP Enable Now Manager","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Info zum Upgrade","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2845363"},{"Id":"2845377","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"[CVE-2020-6198] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Solution Manager (Diagnostics-Agent)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2845377"},{"Id":"2845401","SAP_Component":"SV-SMG-IFM","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in Realtech RTCISM 100","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-01-14","First_released_on":"2020-01-14","Link":"https:\/\/me.sap.com\/notes\/2845401"},{"Id":"2845780","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2019-0402] Offenlegung von Informationen in SAP Adaptive Server Enterprise","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2019-12-10","First_released_on":"2019-12-10","Link":"https:\/\/me.sap.com\/notes\/2845780"},{"Id":"2847787","SAP_Component":"BC-JAS-SEC-UME","Title":"[CVE-2020-6202] Fehlende XML-Validierung in SAP NetWeaver Application Server Java (User Management Engine)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2847787"},{"Id":"2847817","SAP_Component":"FI-TV-ODT-MTR","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung im Reisemanagement","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2847817"},{"Id":"2848498","SAP_Component":"BC-CST-IC","Title":"[CVE-2020-6304] Denial-of-Service-Schwachstelle (DoS) im Sap NetWeaver Internet Communication Manager","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-01-14","First_released_on":"2020-01-14","Link":"https:\/\/me.sap.com\/notes\/2848498"},{"Id":"2849967","SAP_Component":"BI-BIP-AUT","Title":"[CVE-2020-6276] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (Bipodata)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2849967"},{"Id":"2856923","SAP_Component":"BC-WD-ABA","Title":"[CVE-2020-6240] Denial-of-Service (DoS) in SAP NetWeaver Application Server ABAP (Web Dynpro ABAP)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2856923"},{"Id":"2857511","SAP_Component":"XX-CSC-RAT","Title":"[CVE-2020-6188] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP und SAP S\/4HANA (Pro-rata-MwSt.-Reports)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2857511"},{"Id":"2858044","SAP_Component":"EPM-DSM-GEN","Title":"[CVE-2020-6209] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Disclosure Management","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2858044"},{"Id":"2859004","SAP_Component":"LOD-HCI-DS","Title":"[CVE-2020-6206] Cross-Site-Request-Forgery-Schwachstelle (CSRF) in SAP Cloud Platform Integration f\u00c3\u00bcr Datenservices","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2859004"},{"Id":"2861301","SAP_Component":"BI-RA-CR","Title":"[CVE-2020-6208] Remote-Ausf\u00c3\u00bchrung von Code in SAP-BusinessObjects-Business-Intelligence-Plattform (Crystal Reports)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2861301"},{"Id":"2863396","SAP_Component":"BI-BIP-SRV","Title":"[CVE-2020-6227] Nicht authentifizierte Remote Log Injection in SAP-BusinessObjects-Business-Intelligence-Plattform (CMS-\/Auditing-Probleme)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2863396"},{"Id":"2863397","SAP_Component":"BC-UPG-NA","Title":"[CVE-2020-6307] Fehlende Berechtigungspr\u00c3\u00bcfung in automatisierter Hinweissuche (SAP_BASIS)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-12-22","First_released_on":"2020-01-14","Link":"https:\/\/me.sap.com\/notes\/2863397"},{"Id":"2863731","SAP_Component":"BI-RA-CRV","Title":"[CVE-2020-6219] Deserialisierung nicht vertrauensw\u00c3\u00bcrdiger Daten in SAP BusinessObjects Business Intelligence (CR .Net SDK Web Form Viewer)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-04-28","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2863731"},{"Id":"2863743","SAP_Component":"BC-XI-CON-RST","Title":"[CVE-2020-6305] Cross-Site-Scripting-Schwachstelle (XSS) im REST-Adapter der SAP Process Integration","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-01-14","First_released_on":"2020-01-14","Link":"https:\/\/me.sap.com\/notes\/2863743"},{"Id":"2864415","SAP_Component":"BC-GP","Title":"[CVE-2020-6187] Schwachstelle im Zusammenhang mit fehlender XML-Validierung in SAP NetWeaver(Guided Procedures)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2864415"},{"Id":"2864462","SAP_Component":"CA-FLP-FE-COR","Title":"[CVE-2020-6210] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Fiori Launchpad","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2864462"},{"Id":"2864966","SAP_Component":"XX-CSC-EG-FI","Title":"[CVE-2020-6212] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP und SAP S\/4HANA (lokalisierte Quellensteuerberichte f\u00c3\u00bcr \u00c3\u201egypten)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2864966"},{"Id":"2865229","SAP_Component":"CA-FLP-ABA","Title":"[CVE-2020-6283] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Fiori (Launchpad)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-09-08","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2865229"},{"Id":"2865348","SAP_Component":"FI-LA","Title":"[CVE-2020-6306] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Leasing","CVSS_Score":"2.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-01-14","First_released_on":"2020-01-14","Link":"https:\/\/me.sap.com\/notes\/2865348"},{"Id":"2866752","SAP_Component":"BC-FES-BUS-DSK","Title":"[CVE-2020-6228] Fehlende Integrit\u00c3\u00a4tspr\u00c3\u00bcfung in SAP BUSINESS CLIENT","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:N\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2866752"},{"Id":"2870067","SAP_Component":"BC-ABA-XML","Title":"Aktualisierung 1 zu SAP-Sicherheitshinweis 2736825 - [CVE-2019-0271] Schwachstelle in ABAP Server in Verbindung mit einem Denial-of-Service per XML External Entity (XXE)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2870067"},{"Id":"2871167","SAP_Component":"FI-LOC-FI-EG","Title":"[CVE-2020-6199] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP und SAP S\/4HANA (MENA-Zertifikatsverwaltung)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2871167"},{"Id":"2871877","SAP_Component":"XX-PART-HCL-EAM","Title":"Mehrere Sicherheitsschwachstellen in SAP Enterprise Asset Management, Add-on f\u00c3\u00bcr MRO 4.0 by HCL f\u00c3\u00bcr SAP S\/4HANA 1809","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2019-12-24","First_released_on":"2019-12-24","Link":"https:\/\/me.sap.com\/notes\/2871877"},{"Id":"2872545","SAP_Component":"BC-BSP","Title":"[CVE-2020-6217] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (Business Server Pages Test Application IT05)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2872545"},{"Id":"2872752","SAP_Component":"BC-BSP","Title":"[CVE-2020-6213] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_PHTMLB)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2872752"},{"Id":"2872782","SAP_Component":"BC-BSP","Title":"[CVE-2020-6215] URL-Umleitungsschwachstelle in SAP NetWeaver AS ABAP \u00e2\u20ac\u201c Business Server Pages Test Application IT00","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2872782"},{"Id":"2873012","SAP_Component":"EP-KM-CM-ICE","Title":"[CVE-2020-6193] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver (ICE-Service f\u00c3\u00bcr Knowledge Management)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2873012"},{"Id":"2873099","SAP_Component":"EHS-SUS-FND","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in EHS-Aufgabendefinitionsanlagen","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2873099"},{"Id":"2874738","SAP_Component":"FI-LOC-FI-BR","Title":"Missing Authorization Check in S4 ACR Brazil Option","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2874738"},{"Id":"2876059","SAP_Component":"BI-BIP-INV","Title":"[CVE-2020-6216] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (BILaunchpad\/OpenDocument)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2876059"},{"Id":"2876413","SAP_Component":"CEC-COM-CPS-WEB","Title":"[CVE-2020-6200] Cross-Site-Scripting in SAP Commerce Cloud (SmartEdit extension)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2876413"},{"Id":"2876813","SAP_Component":"CEC-COM-CPS-WEB","Title":"[CVE-2020-6201] Cross-Site Scripting (XSS) vulnerability in SAP Commerce Cloud (testweb extension)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2876813"},{"Id":"2877226","SAP_Component":"SRM-EBP-INT","Title":"Switchable Authorization checks in SAP Supplier Relationship Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-12","First_released_on":"2020-03-12","Link":"https:\/\/me.sap.com\/notes\/2877226"},{"Id":"2877968","SAP_Component":"BC-VCM-LVM","Title":"[CVE-2020-6192] Fehlende Eingabepr\u00c3\u00bcfung in SAP Landscape Management","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2877968"},{"Id":"2878030","SAP_Component":"BC-VCM-LVM","Title":"[CVE-2020-6191] Fehlende Eingabepr\u00c3\u00bcfung in SAP Landscape Management","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2878030"},{"Id":"2878507","SAP_Component":"BI-BIP-INV","Title":"[CVE-2020-6195] Mehrere Schwachstellen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:P\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2878507"},{"Id":"2878555","SAP_Component":"BI-BIP-INV","Title":"Aktualisierung 1 zu Sicherheitshinweis 2735924 - [CVE-2019-0352] Falsches Sitzungsmanagement in SAP-BusinessObjects-Business-Intelligence-Plattform (CMC)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:P\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2878555"},{"Id":"2878568","SAP_Component":"BC-JAS-COR-RMT","Title":"[CVE-2020-6263] Umgehung der Authentifizierung in eigenst\u00c3\u00a4ndigen Clients, die \u00c3\u00bcber ein P4-Protokoll mit SAP NetWeaver AS Java verbunden sind","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2878568"},{"Id":"2878935","SAP_Component":"BC-BSP","Title":"[CVE-2020-6246] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2878935"},{"Id":"2879132","SAP_Component":"BI-RA-WBI-FE","Title":"[CVE-2020-6226] Cross-Site-Scripting-Schwachstellen (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (Web-Intelligence-HTML-Schnittstelle)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2879132"},{"Id":"2880664","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2020-6178] Unzureichender Sitzungsablauf in SAP Enable Now Manager","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2880664"},{"Id":"2880744","SAP_Component":"BC-SEC-LGN-SML","Title":"[CVE-2020-6181] HTTP-Response-Splitting-Schwachstelle in SAP NetWeaver und ABAP-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2880744"},{"Id":"2880804","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2020-6222] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (Web-Intelligence-HTML-Schnittstelle)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2880804"},{"Id":"2880869","SAP_Component":"BC-MID-AC","Title":"[CVE-2020-6184] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver und SAP S\/4HANA","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2880869"},{"Id":"2880993","SAP_Component":"MOB-ONP-SEC","Title":"[CVE-2020-6177] Schwachstelle mit Blick auf fehlende XML-Validierung in SAP Mobile Platform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-02-11","First_released_on":"2020-02-11","Link":"https:\/\/me.sap.com\/notes\/2880993"},{"Id":"2883638","SAP_Component":"SRM-CAT-MDM","Title":"Offenlegung von Informationen im Lieferantenbeziehungsmanagement","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2883638"},{"Id":"2884910","SAP_Component":"BC-SRV-SSF","Title":"[CVE-2020-6205] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP Business Server Pages (Smart Forms)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2884910"},{"Id":"2885244","SAP_Component":"LOD-ANA-LDC-UNV","Title":"[CVE-2020-6242] Fehlende Berechtigungspr\u00c3\u00bcfung in Business-Intelligence-Plattform von SAP Business Objects (Live Data Connect)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2885244"},{"Id":"2885671","SAP_Component":"FI-FIO-GL","Title":"[CVE-2020-6273] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA (SAP-Fiori-UI f\u00c3\u00bcr Hauptbuchhaltung)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2885671"},{"Id":"2888556","SAP_Component":"CEC-COM-CPS-WEB","Title":"[CVE-2020-6232] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Commerce","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2888556"},{"Id":"2890213","SAP_Component":"SV-SMG-MON-EEM","Title":"[CVE-2020-6207] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Solution Manager","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-03-09","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2890213"},{"Id":"2892570","SAP_Component":"BC-DWB-AIE-DIC","Title":"Schwachstelle im Zusammenhang mit fehlender XML-Validierung in ABAP Development Tools","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-03-10","First_released_on":"2020-03-10","Link":"https:\/\/me.sap.com\/notes\/2892570"},{"Id":"2896025","SAP_Component":"BC-JAS-COR-RMT","Title":"[CVE-2020-6282] Serverseitige Request Forgery in SAP NetWeaver AS JAVA (IIOP-Service)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Modifikation","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-25","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2896025"},{"Id":"2896682","SAP_Component":"EP-KM-CM-UI","Title":"[CVE-2020-6225] Directory-Traversal-Schwachstelle in SAP NetWeaver (Knowledge Management)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2896682"},{"Id":"2897391","SAP_Component":"CA-MDG-APP-MM","Title":"[CVE-2024-24741] Missing Authorization check in SAP Master Data Governance Material","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-01","Link":"https:\/\/me.sap.com\/notes\/2897391"},{"Id":"2897612","SAP_Component":"FS-FPS","Title":"[CVE-2020-6214] Falsche Berechtigung in SAP S\/4HANA (Nebenbuch f\u00c3\u00bcr Finanzprodukte)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2897612"},{"Id":"2898077","SAP_Component":"BI-DEV-WEB","Title":"[CVE-2020-6237] Schwachstelle mit Blick auf Offenlegung von Informationen in Business-Intelligence-Plattform von SAP BusinessObjects (Webanwendung dswsbobje)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2898077"},{"Id":"2900118","SAP_Component":"BC-DB-ODB","Title":"[CVE-2020-6230] Code-Injection-Schwachstelle in SAP OrientDB 3.0","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2900118"},{"Id":"2900326","SAP_Component":"FS-PE","Title":"Missing Authorization check in Payment Engine","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/2900326"},{"Id":"2900374","SAP_Component":"CA-GTF-PCF","Title":"[CVE-2020-6229] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (Business-Server-Pages-Applikation CRM_BSP_FRAME)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2900374"},{"Id":"2902456","SAP_Component":"BC-VCM-LVM","Title":"[CVE-2020-6236] Eskalation von Berechtigungen in SAP Landscape Management (SAP Adaptive Extensions)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-09-23","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2902456"},{"Id":"2902645","SAP_Component":"BC-CCM-HAG","Title":"[CVE-2020-6234] Berechtigungseskalation im SAP Host Agent","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2902645"},{"Id":"2903743","SAP_Component":"BC-VCM-LVM","Title":"Offenlegung von Informationen in SAP Landscape Management","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2903743"},{"Id":"2904480","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2020-6238] Schwachstelle mit Blick auf fehlende XML-Validierung in SAP Commerce","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2904480"},{"Id":"2904569","SAP_Component":"CA-WUI-APF","Title":"Cross-Site Request Forgery (CSRF) vulnerability in SAP CRM WebClient UI","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-27","First_released_on":"2021-04-27","Link":"https:\/\/me.sap.com\/notes\/2904569"},{"Id":"2904796","SAP_Component":"FS-BA","Title":"[CVE-2020-6233] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA (Nebenbuch f\u00c3\u00bcr Finanzprodukte und Banking Services)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2904796"},{"Id":"2905836","SAP_Component":"BI-DEV-WEB","Title":"[CVE-2020-6269] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2905836"},{"Id":"2906366","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2020-6264] Information Disclosure in SAP Commerce","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2906366"},{"Id":"2906994","SAP_Component":"SV-SMG-ADM-CNT","Title":"[CVE-2020-6235] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Solution Manager (Diagnostics-Agent)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-04-14","First_released_on":"2020-04-14","Link":"https:\/\/me.sap.com\/notes\/2906994"},{"Id":"2906996","SAP_Component":"FS-SR","Title":"[CVE-2020-6268] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP (Meldewesen f\u00c3\u00bcr Versicherungen)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2906996"},{"Id":"2907781","SAP_Component":"BI-RA-WBI","Title":"[CVE-2020-6257] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (CMC und BI Launchpad)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2907781"},{"Id":"2908382","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2020-6239] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One (Sicherungsdienst)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2908382"},{"Id":"2908560","SAP_Component":"CA-MDG-CMP","Title":"[CVE-2020-6249] SQL-Injection-Schwachstelle in SAP Master Data Governance","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2908560"},{"Id":"2909641","SAP_Component":"BC-FES-BUS-DSK","Title":"Potenzielle Auslastung unsicherer SAPUILandscape-Dateien in SAP Business Client","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2909641"},{"Id":"2911267","SAP_Component":"OPU-GW-COR","Title":"Aktualisierung 1 zu Sicherheitshinweis 2752614 - [CVE-2019-0319] Content-Injection-Schwachstellen in SAP Gateway","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2911267"},{"Id":"2911687","SAP_Component":"PLM-FIO-DMS","Title":"[CVE-2020-6266] URL redirection in SAP Fiori for SAP S\/4HANA","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2911687"},{"Id":"2911704","SAP_Component":"PLM-FIO-DMS","Title":"[CVE-2020-6266] URL redirection in SAP Fiori for SAP S\/4HANA","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2911704"},{"Id":"2911801","SAP_Component":"BC-FES-BUS-DSK","Title":"[CVE-2020-6244] Binary-Planting-Schwachstelle in SAP Business Client","CVSS_Score":"7.0","CVSS_Vector":"CVSS:\/AV:L\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2911801"},{"Id":"2911863","SAP_Component":"BI-BIP-CMC","Title":"Offenlegung von Informationen in BOE-\/CMC-Anwendung","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/2911863"},{"Id":"2912708","SAP_Component":"BI-BIP-INV","Title":"[CVE-2020-6278] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (BI-Launchpad und CMC)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2912708"},{"Id":"2912747","SAP_Component":"CA-MDG-AF","Title":"[CVE-2020-6256 ] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Master Data Governance","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-12-22","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2912747"},{"Id":"2912939","SAP_Component":"BC-ABA-SC","Title":"[CVE-2020-6275] Serverseitige Request-Forgery-Schwachstelle in SAP NetWeaver AS ABAP","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-09-08","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2912939"},{"Id":"2913293","SAP_Component":"BC-SEC-ETD","Title":"[CVE-2020-6254] Cross-Site Scripting (XSS) vulnerability in SAP Enterprise Threat Detection","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2913293"},{"Id":"2915126","SAP_Component":"SV-SMG-DIA-APP-TA","Title":"[CVE-2020-6260] Unvollst\u00c3\u00a4ndige XML-Validierung in SAP Solution Manager (Trace-Analyse)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2915126"},{"Id":"2915429","SAP_Component":"BC-IAM-IDM","Title":"[CVE-2020-6258] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Identity Management","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2915429"},{"Id":"2915585","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2020-6243] Code-Injection in SAP Adaptive Server Enterprise (XP-Server auf Windows-Plattform)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2915585"},{"Id":"2916562","SAP_Component":"FS-AM-PR-CD","Title":"[CVE-2020-6270] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver AS ABAP (Banking Services)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2916562"},{"Id":"2916927","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2020-6241] SQL-Injection-Schwachstelle in SAP Adaptive Server Enterprise","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2916927"},{"Id":"2917022","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2020-6250] Offenlegung von Informationen in SAP Adaptive Server Enterprise","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2917022"},{"Id":"2917090","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2020-6252] Offenlegung von Informationen in SAP Adaptive Server Enterprise (Cockpit)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2917090"},{"Id":"2917273","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2020-6253] SQL-Injection-Schwachstelle in SAP Adaptive Server Enterprise (Web-Services)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2917273"},{"Id":"2917275","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2020-6248] Code-Injection in SAP Adaptive Server Enterprise (Backup-Server)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2917275"},{"Id":"2917381","SAP_Component":"CEC-COM-CPS-WEB","Title":"[CVE-2020-6272] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Commerce Cloud","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2917381"},{"Id":"2917743","SAP_Component":"BI-BIP-INV","Title":"[CVE-2020-6281] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (BI-Launchpad)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2917743"},{"Id":"2918762","SAP_Component":"XX-PART-ADB-IFM","Title":"Mehrere Schwachstellen in Adobe LiveCycle Designer 11.0","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2918762"},{"Id":"2918924","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2020-6265] Fest programmierte Anmeldeinformationen in SAP Commerce und SAP Commerce Data Hub","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2918924"},{"Id":"2920548","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2020-6259] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Adaptive Server Enterprise","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-05-12","First_released_on":"2020-05-12","Link":"https:\/\/me.sap.com\/notes\/2920548"},{"Id":"2921615","SAP_Component":"BI-BIP-SRV","Title":"BI-Plattform speichert SAP-BW-Authentifizierungskennwort als Klartext","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2921615"},{"Id":"2923035","SAP_Component":"CA-WUI-UI","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in SAP-CRM-WebClient-UI","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2923035"},{"Id":"2924859","SAP_Component":"IS-A","Title":"Missing Authorization check in Discrete Industries and Mill Products","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-25","First_released_on":"2020-08-25","Link":"https:\/\/me.sap.com\/notes\/2924859"},{"Id":"2925827","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2020-6300] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (Central Management Console)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2925827"},{"Id":"2927373","SAP_Component":"BC-CCM-MON-OS","Title":"[CVE-2020-6280] Offenlegung von Informationen in SAP NetWeaver (ABAP-Server) und ABAP-Plattform","CVSS_Score":"2.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2927373"},{"Id":"2927956","SAP_Component":"BI-RA-CR","Title":"[CVE-2020-6294] Fehlende Authentifizierungspr\u00c3\u00bcfung in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2927956"},{"Id":"2928570","SAP_Component":"FS-LMS","Title":"Apache-Tomcat-AJP-Schwachstelle 'Ghostcat' in SAP Liquidity Management for Banking","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Info zur Installation","Prio":"HotNews","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2928570"},{"Id":"2928635","SAP_Component":"EP-KM-CM","Title":"[CVE-2020-6284] Cross-Site-Scripting (XSS) in SAP NetWeaver (Knowledge Management)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-10-27","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2928635"},{"Id":"2930128","SAP_Component":"BI-BIP-BIW","Title":"[CVE-2020-6325] Mehrere Schwachstellen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-09-08","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2930128"},{"Id":"2931391","SAP_Component":"SV-SMG-MON-ALR-PRA","Title":"[CVE-2020-6271] Fehlende XML-Validierung in SAP Solution Manager (Problemkontextmanager)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-06-09","First_released_on":"2020-06-09","Link":"https:\/\/me.sap.com\/notes\/2931391"},{"Id":"2932473","SAP_Component":"BC-ESI-WS-JAV-RT","Title":"[CVE-2020-6285] Offenlegung von Informationen in SAP NetWeaver (XMLToolkit for Java)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-07-14","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2932473"},{"Id":"2934135","SAP_Component":"BC-INS-CTC","Title":"[CVE-2020-6287] Mehrere Schwachstellen in SAP NetWeaver AS JAVA (LM-Konfigurationsassistent)","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-07-28","First_released_on":"2020-07-14","Link":"https:\/\/me.sap.com\/notes\/2934135"},{"Id":"2934451","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2020-6302] Session-Fixierung in SAP Commerce","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-09-08","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2934451"},{"Id":"2935791","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2021-21444] Clickjacking-Schwachstelle in SAP-BusinessObjects-Business-Intelligence-Plattform (CMC und BI Launchpad)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2935791"},{"Id":"2938162","SAP_Component":"EP-KM-CM","Title":"[CVE-2020-6293] Schwachstelle bzgl. uneingeschr\u00c3\u00a4nktem Datei-Upload in SAP NetWeaver (Knowledge Management)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2938162"},{"Id":"2938650","SAP_Component":"SV-SMG-DIA-APP-TA","Title":"[CVE-2020-26836] Open Redirect in SAP Solution Manager (Trace-Analyse)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-12-08","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2938650"},{"Id":"2939419","SAP_Component":"BC-CTS-DTR","Title":"[CVE-2020-6370] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver WebDynpro (DI Design Time Repository)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2939419"},{"Id":"2939685","SAP_Component":"FS-BA-SD-PO","Title":"[CVE-2020-6298] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Banking Services (generische Marktdaten)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2939685"},{"Id":"2940823","SAP_Component":"CA-DI-ONP","Title":"[CVE-2020-6297] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Data Intelligence","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2940823"},{"Id":"2941170","SAP_Component":"CA-UI5-COR","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in modifizierter jQuery geb\u00c3\u00bcndelt mit SAPUI5","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-25","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2941170"},{"Id":"2941315","SAP_Component":"BC-ESI-WS-JAV-RT","Title":"[CVE-2020-6309] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver AS JAVA","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2941315"},{"Id":"2941332","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2020-6295] Offenlegung von Informationen in SAP Adaptive Server Enterprise","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2941332"},{"Id":"2941510","SAP_Component":"BC-MID-AC","Title":"[CVE-2020-6299] Offenlegung von Informationen in SAP NetWeaver (ABAP-Server) und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2941510"},{"Id":"2941667","SAP_Component":"BC-ABA-SC","Title":"[CVE-2020-6296] Code-Injection-Schwachstelle in SAP NetWeaver (ABAP) und ABAP-Plattform","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-09-22","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2941667"},{"Id":"2943844","SAP_Component":"BI-DEV-JAV","Title":"[CVE-2020-6308] Server-Side-Request-Forgery-Schwachstelle in SAP-BusinessObjects-Business-Intelligence-Plattform (Web-Services)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-23","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2943844"},{"Id":"2944188","SAP_Component":"PS-IS","Title":"[CVE-2020-6316] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP und SAP S\/4HANA","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2944188"},{"Id":"2944988","SAP_Component":"BC-ESI-WS-ABA-CFG","Title":"[CVE-2020-6310] Offenlegung von Informationen in SAP NetWeaver (ABAP-Server) und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2944988"},{"Id":"2945581","SAP_Component":"CA-WUI-UI","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in SAP-CRM-WebClient-UI","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-12-08","First_released_on":"2020-09-22","Link":"https:\/\/me.sap.com\/notes\/2945581"},{"Id":"2947891","SAP_Component":"FS-AM-OM-AC-DB","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung im API zum Lesen der Auszahlung, das im Web-Service zum Lesen der Auszahlung verwendet wird","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2947891"},{"Id":"2948239","SAP_Component":"BC-BSP","Title":"[CVE-2020-6324] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (BSP-Testanwendung)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-09-08","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2948239"},{"Id":"2948317","SAP_Component":"CEC-COM-CPS","Title":"Schwachstellen in Open-Source-Bibliotheken, die in SAP Commerce verwendet werden","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-08-11","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2948317"},{"Id":"2949196","SAP_Component":"FI-TV-COS","Title":"[CVE-2020-6301] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP (HCM-Reisemanagement)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-08-11","Link":"https:\/\/me.sap.com\/notes\/2949196"},{"Id":"2951325","SAP_Component":"FS-BA-PM-SFA","Title":"[CVE-2020-6311] Nicht geeignete Berechtigungspr\u00c3\u00bcfung im Bank Analyzer von Services f\u00c3\u00bcr das Bankwesen von SAP und SAP S\/4HANA f\u00c3\u00bcr Finanzprodukte","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-27","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2951325"},{"Id":"2952084","SAP_Component":"BC-XI-CON","Title":"[CVE-2020-26814] Offenlegung von Informationen in SAP Process Integration (PGP-Modul \u00e2\u20ac\u201c Business-to-Business-Add-On)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2952084"},{"Id":"2953112","SAP_Component":"EP-KM-CM-UI","Title":"[CVE-2020-6326] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS Java","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-09-08","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2953112"},{"Id":"2953203","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2020-6317] Offenlegung von Informationen in SAP Adaptive Server Enterprise","CVSS_Score":"2.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-09-08","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2953203"},{"Id":"2953212","SAP_Component":"FS-BA-SD-PO","Title":"[CVE-2020-6362] Falsche Berechtigung in Services f\u00c3\u00bcr das Bankwesen von SAP","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2953212"},{"Id":"2955963","SAP_Component":"CEC-MKT-CPG-UI","Title":"Cross-Site-Request-Forgery-Schwachstelle (CSRF) in SAP Marketing","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2955963"},{"Id":"2956398","SAP_Component":"BC-JAS-WEB","Title":"[CVE-2020-6319] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS Java","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2956398"},{"Id":"2958563","SAP_Component":"BW-SYS-DB-SYB","Title":"[CVE-2020-6318] Code-Injection-Schwachstelle in SAP NetWeaver (ABAP-Server) und ABAP-Plattform","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-09-08","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2958563"},{"Id":"2960329","SAP_Component":"EP-PIN-NAV-FFP","Title":"[CVE-2020-6323] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal (SAP-Fiori-Framework-Seite)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2960329"},{"Id":"2960815","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-09-08","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2960815"},{"Id":"2960825","SAP_Component":"EPM-BPC-NW","Title":"[CVE-2020-6368] Cross-Site Scripting-(XSS)-Schwachstelle in SAP Business Planning and Consolidation","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2960825"},{"Id":"2961991","SAP_Component":"CEC-MKT-MOB","Title":"[CVE-2020-6320] Falsche Zugriffskontrolle in SAP Marketing (Mobile-Channel-Servlet)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-09-08","First_released_on":"2020-09-08","Link":"https:\/\/me.sap.com\/notes\/2961991"},{"Id":"2963137","SAP_Component":"BC-MUS-POW","Title":"[CVE-2020-6371] Information disclosure in SAP NetWeaver AS ABAP via the POWL Test Feeder endpoint","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2963137"},{"Id":"2963592","SAP_Component":"EP-PDK-HBJ","Title":"[CVE-2021-27601] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS Java (Anwendungen basierend auf HTMLB f\u00c3\u00bcr Java)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/2963592"},{"Id":"2965154","SAP_Component":"BI-RA-WBI-FE","Title":"[CVE-2021-21447] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (Web-Intelligence-HTML-Schnittstelle)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-01-12","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/2965154"},{"Id":"2965287","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2020-6363] Unzureichender Sitzungsablauf in SAP Commerce Cloud","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2965287"},{"Id":"2965315","SAP_Component":"BC-JAS-ADM-ADM","Title":"[CVE-2020-6365] Reverse-Tabnabbing-Schwachstelle auf der Startseite von SAP NetWeaver AS Java","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2965315"},{"Id":"2969457","SAP_Component":"BC-JAS-ADM-MON","Title":"[CVE-2020-6366] Fehlende XML-Validierung in SAP NetWeaver (Systeme vergleichen)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2969457"},{"Id":"2969828","SAP_Component":"XX-PART-WILY","Title":"[CVE-2020-6364] BS-Command-Injection-Schwachstelle in CA Introscope Enterprise Manager (betroffene Produkte: SAP Solution Manager und SAP Focused Run)","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2969828"},{"Id":"2971112","SAP_Component":"EPM-EBI","Title":"[CVE-2020-26807] Incorrect Default Permissions in SAP ERP Client for E-Bilanz 1.0","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2971112"},{"Id":"2971163","SAP_Component":"BC-JAS-SEC","Title":"[CVE-2020-26816] Fehlende Verschl\u00c3\u00bcsselung in SAP NetWeaver AS Java (Key Storage Service)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-12-22","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2971163"},{"Id":"2971180","SAP_Component":"EPM-DSM-GEN","Title":"[CVE-2020-26828] Formula Injection in SAP Disclosure Management","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-12-08","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2971180"},{"Id":"2971638","SAP_Component":"XX-PART-WILY","Title":"[CVE-2020-6369] Fest programmierte Anmeldeinformationen in CA Introscope Enterprise Manager (betroffene Produkte: SAP Solution Manager und SAP Focused Run)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-11-09","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2971638"},{"Id":"2971954","SAP_Component":"BW-WHM-DST-ARC","Title":"[CVE-2020-26818] Mehrere Schwachstellen in SAP NetWeaver AS ABAP (Web Dynpro)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2971954"},{"Id":"2972275","SAP_Component":"BC-BSP","Title":"Reverse-Tabnabbing-Schwachstelle in Anwendungen auf Basis von SAP Business Server Pages in SAP NetWeaver AS ABAP","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2972275"},{"Id":"2972661","SAP_Component":"BC-DWB-JAV-CAF","Title":"[CVE-2020-6367] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Composite Application Framework","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2972661"},{"Id":"2973100","SAP_Component":"CA-ATP-SUB","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in \"Ersetzungen verwalten - Produkte\" und \"Ausschl\u00c3\u00bcsse verwalten - Produkte\"","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2973100"},{"Id":"2973428","SAP_Component":"BC-FES-ITS","Title":"Reverse-Tabnabbing-Schwachstelle in SAP NetWeaver Application Server ABAP (Anwendungen, die auf SAP GUI for HTML basieren)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2973428"},{"Id":"2973497","SAP_Component":"CA-VE-VEV","Title":"[CVE-2020-6315] Mehrere Schwachstellen in SAP 3D Visual Enterprise Viewer","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-10-13","First_released_on":"2020-10-13","Link":"https:\/\/me.sap.com\/notes\/2973497"},{"Id":"2973735","SAP_Component":"CA-LT-PCL","Title":"[CVE-2020-26808] Code-Injection-Schwachstelle in SAP AS ABAP und SAP S\/4HANA (DMIS)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-11-17","First_released_on":"2020-11-11","Link":"https:\/\/me.sap.com\/notes\/2973735"},{"Id":"2974330","SAP_Component":"BC-NWA-XPI","Title":"[CVE-2020-26826] Uneingeschr\u00c3\u00a4nkte Datei-Upload-Schwachstelle in SAP NetWeaver Application Server f\u00c3\u00bcr Java (Process Integration Monitoring)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-12-08","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2974330"},{"Id":"2974582","SAP_Component":"BC-WD-ABA","Title":"[CVE-2021-21478] Reverse-Tabnabbing-Schwachstelle in SAP NetWeaver Application Server ABAP (Anwendungen auf Basis von Web Dynpro ABAP)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2974582"},{"Id":"2974774","SAP_Component":"BC-JAS-COR-CLS","Title":"[CVE-2020-26829] Fehlende Authentifizierungspr\u00c3\u00bcfung in SAP NetWeaver AS JAVA (P2P-Cluster-Kommunikation)","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-12-08","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2974774"},{"Id":"2975170","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2020-26810] Mehrere Schwachstellen in SAP Commerce Cloud (Accelerator Payment Mock)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2975170"},{"Id":"2975189","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2020-26809] Offenlegung von Informationen in SAP Commerce Cloud","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2975189"},{"Id":"2976947","SAP_Component":"BC-WD-JAV","Title":"[CVE-2021-21491] Reverse-TabNabbing-Schwachstelle in SAP NetWeaver Application Server Java (Anwendungen auf Basis von Web Dynpro Java)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-05-11","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/2976947"},{"Id":"2977001","SAP_Component":"EP-PDK-HBJ","Title":"Reverse-Tabnabbing-Schwachstelle in SAP NetWeaver Application Server Java (Anwendungen basierend auf HTMLB f\u00c3\u00bcr Java)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/2977001"},{"Id":"2978151","SAP_Component":"BC-WD-UR","Title":"Reverse-Tabnabbing-Problem in Unified-Rendering-basierten Frameworks in SAP NetWeaver Application Server Java","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/2978151"},{"Id":"2978768","SAP_Component":"HAN-DB-SEC","Title":"[CVE-2020-26834 ] Falsche Authentifizierung in SAP-HANA-Datenbank","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-12-08","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2978768"},{"Id":"2979062","SAP_Component":"BC-ESI-UDDI","Title":"[CVE-2020-26820] Berechtigungseskalation in SAP NetWeaver Application Server for Java (UDDI-Server)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-12-22","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2979062"},{"Id":"2982840","SAP_Component":"EIM-DS-DEP","Title":"Multiple Vulnerabilities in SAP Data Services","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2982840"},{"Id":"2983204","SAP_Component":"SV-SMG-MON-EEM","Title":"[CVE-2020-26837] Diverse Schwachstellen in SAP Solution Manager 7.2 (User-Experience-Monitoring)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-12-08","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2983204"},{"Id":"2983367","SAP_Component":"BW-WHM-DBA-MD","Title":"[CVE-2020-26838] Code-Injection-Schwachstelle in SAP Business Warehouse (Master Data Management) und SAP BW4HANA","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-01-12","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2983367"},{"Id":"2983436","SAP_Component":"EP-KM-CM-UI","Title":"[CVE-2021-21488] Unsichere Deserialisierung in Knowledge Management von SAP NetWeaver","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/2983436"},{"Id":"2984034","SAP_Component":"CEC-HCS-SEC","Title":"[CVE-2021-21445] Header-Manipulations-Schwachstelle in SAP Commerce Cloud","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-01-12","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/2984034"},{"Id":"2984627","SAP_Component":"CA-FE-NEW","Title":"[CVE-2020-26815] Sicherheitsschwachstellen im SAP Fiori Launchpad (Anwendung f\u00c3\u00bcr Nachrichtenkachel)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2984627"},{"Id":"2985094","SAP_Component":"CA-VE-VEV","Title":"[CVE-2020-26817] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2985094"},{"Id":"2985562","SAP_Component":"CEC-HCS-CCAZ-CZO","Title":"[CVE-2021-33666] Cross-Site-Scripting (XSS) in SAP Commerce Cloud","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/2985562"},{"Id":"2985866","SAP_Component":"SV-SMG-MON-EEM","Title":"[Mehrere CVE-IDs] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Solution Manager (JAVA-Stack)","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:N\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-11-10","First_released_on":"2020-11-10","Link":"https:\/\/me.sap.com\/notes\/2985866"},{"Id":"2985905","SAP_Component":"CA-GTF-CSC-DME","Title":"[CVE-2023-24524] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA - Treasury-Korrespondenzformatdaten zuordnen","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/2985905"},{"Id":"2986980","SAP_Component":"BW-WHM-DST-DBC","Title":"[CVE-2021-21465] Mehrere Schwachstellen in SAP Business Warehouse (Datenbankschnittstelle)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-02-09","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/2986980"},{"Id":"2988956","SAP_Component":"CO-FIO-OM-PL","Title":"Cross-Site Request Forgery (CSRF) vulnerability in S\/4HANA OP2020, OP1909 in Import Financial Plan Data","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-28","First_released_on":"2021-09-28","Link":"https:\/\/me.sap.com\/notes\/2988956"},{"Id":"2988962","SAP_Component":"CO-FIO-OM-PL","Title":"Cross-Site Request Forgery (CSRF) vulnerability for S\/4HANA OP2020, OP1909 in Import Financial Plan Data","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-28","First_released_on":"2021-09-28","Link":"https:\/\/me.sap.com\/notes\/2988962"},{"Id":"2989075","SAP_Component":"BI-RA-CR-VW","Title":"[CVE-2020-26831] Schwachstelle mit Blick auf fehlende XML-Validierung in SAP-BusinessObjects-Business-Intelligence-Plattform (Crystal Reports)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2020-12-08","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2989075"},{"Id":"2989719","SAP_Component":"FI-CF-INF","Title":"Missing Authorization check in S\/4HANA (Central Finance)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-11-24","First_released_on":"2020-11-24","Link":"https:\/\/me.sap.com\/notes\/2989719"},{"Id":"2990992","SAP_Component":"EHS-SUS-EM","Title":"Missing Authorization Checks in the Monitor Data and My Data Collections Apps","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2990992"},{"Id":"2992154","SAP_Component":"HAN-DB-SEC","Title":"[CVE-2021-21474] SAML-Assertion-Signatur: MD5-Digest-Algorithmus-Schwachstelle in SAP-HANA-Datenbank","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Beratung","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2992154"},{"Id":"2992269","SAP_Component":"BC-FES-GUI","Title":"[CVE-2021-21448] Offenlegung von Informationen in SAP GUI for Windows","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-01-12","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/2992269"},{"Id":"2993032","SAP_Component":"MDM-FN-MDS-SEC","Title":"[CVE-2021-21469] Information Disclosure in SAP NetWeaver Master Data Management","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-01-12","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/2993032"},{"Id":"2993132","SAP_Component":"CA-DT-CNV","Title":"[CVE-2020-26832] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver AS ABAP und SAP S\/4HANA (SAP Landscape Transformation)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2993132"},{"Id":"2994289","SAP_Component":"CA-WUI-UI","Title":"Reverse-Tabnabbing-Schwachstelle in SAP-CRM-WebClient-UI","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2994289"},{"Id":"2996479","SAP_Component":"BC-ABA-LA","Title":"[CVE-2020-26835] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2020-12-08","First_released_on":"2020-12-08","Link":"https:\/\/me.sap.com\/notes\/2996479"},{"Id":"2998173","SAP_Component":"MDM-FN-INS","Title":"[CVE-2021-21472] Server password not set during installation of SAP NetWeaver Master Data Management 7.1","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Info zur Installation","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/2998173"},{"Id":"2998510","SAP_Component":"BI-BIP-INS","Title":"[CVE-2022-28214] Offenlegung von Informationen f\u00c3\u00bcr Central Management Server bei Business-Intelligence-Aktualisierung","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/2998510"},{"Id":"2999590","SAP_Component":"EHS-SUS-EM","Title":"Incomplete authorization checks for import of environmental data","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-05-25","First_released_on":"2021-05-25","Link":"https:\/\/me.sap.com\/notes\/2999590"},{"Id":"2999854","SAP_Component":"BW-BEX-OT-DBIF","Title":"[CVE-2021-21466] Code Injection in SAP Business Warehouse und SAP BW\/4HANA","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-04-27","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/2999854"},{"Id":"3000291","SAP_Component":"EPM-XLS-SEC","Title":"[CVE-2021-21470] XML External Entity vulnerability in SAP EPM add-in","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Externer Fehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2021-01-12","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/3000291"},{"Id":"3000306","SAP_Component":"BC-ABA-LA","Title":"[CVE-2021-21446] Denial-of-Service (DoS) in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-01-26","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/3000306"},{"Id":"3000663","SAP_Component":"BC-CST-WDP","Title":"[CVE-2021-33683] HTTP-Request-Smuggling in SAP Web Dispatcher und Internet Communication Manager","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-28","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3000663"},{"Id":"3000897","SAP_Component":"MDM-FN-MDS-SEC","Title":"[CVE-2021-21475] Directory Traversal vulnerability in SAP NetWeaver Master Data Management 7.1","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/3000897"},{"Id":"3001373","SAP_Component":"CEC-BAF-DOM","Title":"Offenlegung von Informationen im zentralen Auftrag","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2020-12-22","First_released_on":"2020-12-22","Link":"https:\/\/me.sap.com\/notes\/3001373"},{"Id":"3001824","SAP_Component":"BC-JAS-COR","Title":"[CVE-2021-21485] Offenlegung von Informationen in SAP NetWeaver AS f\u00c3\u00bcr Java (Telnet-Befehle)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3001824"},{"Id":"3002517","SAP_Component":"BC-SRV-RM","Title":"[CVE-2021-21473] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3002517"},{"Id":"3002617","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-01-12","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/3002617"},{"Id":"3004043","SAP_Component":"CA-SUR","Title":"[CVE-2021-21490] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Netweaver AS for ABAP (Web Survey)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3004043"},{"Id":"3005802","SAP_Component":"FIN-FSCM-PF","Title":"Cross-Site Request Forgery (CSRF) vulnerability in S\/4HANA Finance for advanced payment management","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-23","First_released_on":"2021-03-23","Link":"https:\/\/me.sap.com\/notes\/3005802"},{"Id":"3007182","SAP_Component":"BC-MID-RFC","Title":"[CVE-2021-27610] Falsche Authentifizierung in SAP NetWeaver ABAP-Server und ABAP-Plattform","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-07-13","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3007182"},{"Id":"3007888","SAP_Component":"IS-B-BCA","Title":"[CVE-2021-21486] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Enterprise Financial Services (Bankenkontokorrent)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/3007888"},{"Id":"3008422","SAP_Component":"FS-BA-SD-PO","Title":"[CVE-2021-21467] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Banking Services (generische Marktdaten)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-01-12","First_released_on":"2021-01-12","Link":"https:\/\/me.sap.com\/notes\/3008422"},{"Id":"3012021","SAP_Component":"BC-XI-IBF-UI","Title":"[Mehrere CVEs] Mehrere Schwachstellen in SAP Process Integration (Integration Builder Framework)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-05-11","First_released_on":"2021-05-11","Link":"https:\/\/me.sap.com\/notes\/3012021"},{"Id":"3012277","SAP_Component":"BC-XI-IBF-COR","Title":"[CVE-2021-27599] Offenlegung von Informationen in SAP Process Integration (Integration Builder Framework)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3012277"},{"Id":"3014121","SAP_Component":"CEC-COM-CPS-CKP","Title":"[CVE-2021-21477] Schwachstelle bez\u00c3\u00bcglich Remote-Ausf\u00c3\u00bchrung von Code in SAP Commerce","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/3014121"},{"Id":"3014303","SAP_Component":"CA-UI5-COR","Title":"[CVE-2021-21476] Reverse-Tabnabbing-Schwachstelle in SAPUI5","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-02-09","First_released_on":"2021-02-09","Link":"https:\/\/me.sap.com\/notes\/3014303"},{"Id":"3017378","SAP_Component":"HAN-DB-SEC","Title":"[CVE-2021-21484] M\u00c3\u00b6gliche Authentifizierungsumgehung in SAP-HANA-LDAP-Szenarien","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/3017378"},{"Id":"3017823","SAP_Component":"SV-SMG-INS-CFG","Title":"[CVE-2021-21483] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Solution Manager","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3017823"},{"Id":"3017908","SAP_Component":"MDM-FN-MDS-SEC","Title":"[CVE-2021-21482] Offenlegung von Informationen in SAP NetWeaver Master Data Management","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3017908"},{"Id":"3020104","SAP_Component":"BC-CST-EQ","Title":"[Mehrere CVEs] Schwachstelle durch Speicherschaden in SAP-NetWeaver-ABAP-Server und ABAP-Plattform","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3020104"},{"Id":"3020209","SAP_Component":"BC-CST-GW","Title":"[Mehrere CVEs] Schwachstelle durch Speicherschaden in SAP-NetWeaver-ABAP-Server und ABAP-Plattform","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3020209"},{"Id":"3021050","SAP_Component":"BC-FES-IGS","Title":"[Mehrere CVEs] Schwachstelle durch Speicherschaden in SAP Internet Graphics Service","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3021050"},{"Id":"3021197","SAP_Component":"BC-CST-DP","Title":"[Mehrere CVEs] Schwachstelle durch Speicherschaden in SAP-NetWeaver-ABAP-Server und ABAP-Plattform","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3021197"},{"Id":"3022422","SAP_Component":"BC-UPG-TLS-TLJ","Title":"[CVE-2021-21481] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver AS JAVA (MigrationService)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-04-13","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/3022422"},{"Id":"3022622","SAP_Component":"MFG-MII","Title":"[CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-04-12","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/3022622"},{"Id":"3023078","SAP_Component":"BC-FES-CTL","Title":"[CVE-2021-27612] SAP GUI for Windows k\u00c3\u00b6nnte Benutzer auf eine nicht vertrauensw\u00c3\u00bcrdige Website umleiten","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2021-05-11","First_released_on":"2021-05-11","Link":"https:\/\/me.sap.com\/notes\/3023078"},{"Id":"3023299","SAP_Component":"BC-JAS-SEC-UME","Title":"[CVE-2021-27621] Offenlegung von Informationen in SAP NetWeaver AS f\u00c3\u00bcr Java (UserAdmin)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3023299"},{"Id":"3023778","SAP_Component":"FS-PE","Title":"[CVE-2021-21487] Fehlende Berechtigungspr\u00c3\u00bcfung in Payment Engine","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:L\/UI:N\/S:C\/C:N\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/3023778"},{"Id":"3024414","SAP_Component":"MFG-ME-API","Title":"[CVE-2021-27600 ] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution (System Rules)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3024414"},{"Id":"3025054","SAP_Component":"FI-TV-ODT-MTE","Title":"[CVE-2021-27605] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP-Fiori-Apps f\u00c3\u00bcr HCM-Reisemanagement V2","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3025054"},{"Id":"3025604","SAP_Component":"BC-WD-ABA","Title":"[CVE-2021-33664] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (auf Web Dynpro ABAP basierende Anwendungen)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3025604"},{"Id":"3025637","SAP_Component":"BC-JAS-WEB","Title":"[CVE-2021-21492] Content-Spoofing im HTTP-Service von SAP NetWeaver AS Java","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3025637"},{"Id":"3027758","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/3027758"},{"Id":"3027767","SAP_Component":"CA-VE-VEV","Title":"[CVE-2021-27592] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-09","First_released_on":"2021-03-09","Link":"https:\/\/me.sap.com\/notes\/3027767"},{"Id":"3027937","SAP_Component":"BC-JAS-ADM-ADM","Title":"[CVE-2021-27598] Falsche Zugriffskontrolle in SAP NetWeaver AS f\u00c3\u00bcr Java (Customer-Usage-Provisioning-Servlet)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3027937"},{"Id":"3028370","SAP_Component":"BC-FES-WGU","Title":"[CVE-2021-33665] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (auf SAP GUI for HTML basierende Anwendungen)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3028370"},{"Id":"3028729","SAP_Component":"BC-SRV-PMI","Title":"[CVE-2021-27603] Denial-of-Service (DoS) in SAP NetWeaver AS ABAP","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"PERFORMANCE","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3028729"},{"Id":"3030604","SAP_Component":"BC-CST-IC","Title":"[CVE-2021-33663] Klartext-Injection in SAP NetWeaver AS f\u00c3\u00bcr ABAP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3030604"},{"Id":"3030948","SAP_Component":"SV-FRN-APP-SDD","Title":"[CVE-2021-27609] Missing Authorization check in SAP Focused RUN","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-27","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3030948"},{"Id":"3030961","SAP_Component":"MFG-ME-API","Title":"[CVE-2021-27615] Cross-Site Scripting (XSS) vulnerability in SAP Manufacturing Execution","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3030961"},{"Id":"3032624","SAP_Component":"BC-MID-RFC","Title":"[CVE-2021-33684] Speicherbesch\u00c3\u00a4digung in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3032624"},{"Id":"3035472","SAP_Component":"CA-VE-VEV","Title":"[Multiple CVEs] Improper Input Validation in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-03-18","First_released_on":"2021-03-18","Link":"https:\/\/me.sap.com\/notes\/3035472"},{"Id":"3036436","SAP_Component":"BC-XI-IBD-MAP","Title":"[CVE-2021-27604] M\u00c3\u00b6gliche XXE-Schwachstelle in SAP Process Integration (ESR-Java-Mappings)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-22","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3036436"},{"Id":"3036679","SAP_Component":"BC-CST-DP","Title":"Aktualisierung 1 zu Sicherheitshinweis 1576763: Potenzielle Offenlegung von Informationen zu Benutzernamen","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3036679"},{"Id":"3038594","SAP_Component":"BC-JAS-ADM-ADM","Title":"[CVE-2021-33689] Unzureichende Protokollierung in SAP NetWeaver AS for JAVA (Administrator)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3038594"},{"Id":"3038911","SAP_Component":"BI-BIP-ADM","Title":"[CVE-2023-31404] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in der SAP-BusinessObjects-Business-Intelligence-Plattform (Central Management Service)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3038911"},{"Id":"3039649","SAP_Component":"BC-FES-INS","Title":"[CVE-2021-27608] Suchpfad ohne Anf\u00c3\u00bchrungszeichen in SAPSetup","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-04-13","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3039649"},{"Id":"3039818","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2021-27619] Offenlegung von Informationen in SAP Commerce Cloud (Backoffice-Suche)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-05-11","First_released_on":"2021-05-11","Link":"https:\/\/me.sap.com\/notes\/3039818"},{"Id":"3040210","SAP_Component":"CEC-COM-CPS-CKP","Title":"[CVE-2021-27602] Schwachstelle bez\u00c3\u00bcglich Remote-Quelltextausf\u00c3\u00bchrung in SourceRules von SAP Commerce","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-06-08","First_released_on":"2021-04-13","Link":"https:\/\/me.sap.com\/notes\/3040210"},{"Id":"3044751","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2021-33667] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP BusinessObjects Web Intelligence (BI-Launchpad)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3044751"},{"Id":"3044754","SAP_Component":"BC-MID-RFC-BG","Title":"[CVE-2021-33677] Information Disclosure in SAP NetWeaver AS ABAP and ABAP Platform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3044754"},{"Id":"3046610","SAP_Component":"BC-CTS-ORG","Title":"[CVE-2021-27611] Code-Injection-Schwachstelle in SAP NetWeaver AS ABAP","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-05-11","First_released_on":"2021-05-11","Link":"https:\/\/me.sap.com\/notes\/3046610"},{"Id":"3048657","SAP_Component":"BC-SRV-BP","Title":"[CVE-2021-33678] Code-Injection-Schwachstelle in SAP NetWeaver AS ABAP (Reconciliation Framework)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3048657"},{"Id":"3049661","SAP_Component":"SBO-HANA-COM","Title":"[CVE-2021-27616] Mehrere Schwachstellen in SAP Business One, Version f\u00c3\u00bcr SAP HANA (business-one-hana-chef-cookbook)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Info zur Installation","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-05-11","First_released_on":"2021-05-11","Link":"https:\/\/me.sap.com\/notes\/3049661"},{"Id":"3049755","SAP_Component":"SBO-BC-INT","Title":"[CVE-2021-27613] Offenlegung von Informationen in SAP Business One (Chef Cookbook business-one-cookbook)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Info zur Installation","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-05-11","First_released_on":"2021-05-11","Link":"https:\/\/me.sap.com\/notes\/3049755"},{"Id":"3049879","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2021-27637] Offenlegung von Informationen in SAP Enable Now (SAP Workforce Performance Builder - Manager)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:P\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:N","Category":"Info zum Upgrade","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3049879"},{"Id":"3049899","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2022-35297] Stored-Cross-Site-Scripting-Schwachstelle (XSS) in SAP Enable Now","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Info zum Upgrade","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3049899"},{"Id":"3051005","SAP_Component":"CA-FLP-ABA","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in SAP Fiori Launchpad","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2021-12-14","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3051005"},{"Id":"3051787","SAP_Component":"BC-IAM-SSO-CCL","Title":"[CVE-2021-38177] NullPointer-Dereferenz-Schwachstelle in SAP CommonCryptoLib","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3051787"},{"Id":"3053066","SAP_Component":"BC-ESI-WS-JAV-CFG","Title":"[CVE-2021-27635] Fehlende XML-Validierung in SAP NetWeaver AS f\u00c3\u00bcr Java","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3053066"},{"Id":"3053403","SAP_Component":"BI-LUM-SRV-BIP","Title":"[CVE-2021-33682] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Lumira Server","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3053403"},{"Id":"3055044","SAP_Component":"BI-DEV-WEB","Title":"[CVE-2022-28213] Schwachstelle mit Blick auf fehlende XML-Validierung in SAP-BusinessObjects-Business-Intelligence-Plattform (dswsbobje - SOAP-Webdienste)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3055044"},{"Id":"3055180","SAP_Component":"BI-BIP-INV","Title":"[CVE-2021-33679] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (BI-Arbeitsbereich)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3055180"},{"Id":"3055347","SAP_Component":"CA-UI5-COR","Title":"Schwachstelle in Cross-Site-Scripting (XSS) in SAPUI5","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3055347"},{"Id":"3056652","SAP_Component":"BC-JAS-WEB","Title":"[CVE-2021-33670] Denial-of-Service (DoS) in SAP NetWeaver AS for Java (HTTP-Service)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3056652"},{"Id":"3057378","SAP_Component":"BC-CST-WDP","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Web Dispatcher","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3057378"},{"Id":"3058382","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-33662] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3058382"},{"Id":"3058553","SAP_Component":"BC-MID-SCC","Title":"[CVE-2021-33695] Mehrere Schwachstellen im SAP Cloud Connector","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3058553"},{"Id":"3059446","SAP_Component":"BC-GP","Title":"[CVE-2021-33671] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver Guided Procedures","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3059446"},{"Id":"3059764","SAP_Component":"EP-PIN-NAV","Title":"[CVE-2021-33687] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP NetWeaver AS for Java (Enterprise Portal)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:H\/I:N\/A:N","Category":"Modifikation","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3059764"},{"Id":"3059999","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-06-08","First_released_on":"2021-06-08","Link":"https:\/\/me.sap.com\/notes\/3059999"},{"Id":"3060621","SAP_Component":"BC-FES-BUS-DSK","Title":"[CVE-2021-38150] Offenlegung von Informationen in SAP Business Client","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3060621"},{"Id":"3062085","SAP_Component":"BI-RA-CR-VW","Title":"[CVE-2021-33696] Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Crystal Report)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3062085"},{"Id":"3063048","SAP_Component":"BI-BIP-INV","Title":"[CVE-2021-33697] Reverse Tabnabbing in SAP BusinessObjects Business Intelligence Platform (SAP UI5)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3063048"},{"Id":"3066316","SAP_Component":"CRM-MKT-SEG-TGR","Title":"[CVE-2021-33676] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP CRM ABAP","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3066316"},{"Id":"3067219","SAP_Component":"MOB-FC","Title":"[CVE-2021-33699] Task Hijacking in SAP Fiori Client Native Mobile for Android","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3067219"},{"Id":"3067890","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-07-13","First_released_on":"2021-07-13","Link":"https:\/\/me.sap.com\/notes\/3067890"},{"Id":"3068337","SAP_Component":"CEC-MKT-CPG-LNS","Title":"Reverse-Tabnabbing-Schwachstelle in SAP Marketing Lead Nurture Stream","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3068337"},{"Id":"3068582","SAP_Component":"FI-LOC-FI-FR","Title":"[CVE-2021-38164] Fehlende Berechtigungspr\u00c3\u00bcfung im SAP-ERP-Finanzwesen\/RFOPENPOSTING_FR","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-11-09","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3068582"},{"Id":"3069032","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-33685] Directory-Traversal-Schwachstelle in SAP Business One","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3069032"},{"Id":"3069882","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-33688] SQL-Injection-Schwachstelle in SAP Business One","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3069882"},{"Id":"3070138","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-33686] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3070138"},{"Id":"3071984","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-33698] Unrestricted File Upload vulnerability in SAP Business One","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-08-24","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3071984"},{"Id":"3072920","SAP_Component":"EP-PIN-NAV","Title":"[CVE-2021-33703] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3072920"},{"Id":"3072955","SAP_Component":"BC-CTS-CBS-SRV","Title":"[CVE-2021-33690] Server-Side-Request-Forgery-Schwachstelle in SAP NetWeaver Development Infrastructure (Component Build Service)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3072955"},{"Id":"3073325","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-33700] Missing Authentication check in SAP Business One","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3073325"},{"Id":"3073450","SAP_Component":"BC-CTS-DI","Title":"[CVE-2021-33691] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Development Infrastructure (Notification-Service)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3073450"},{"Id":"3073681","SAP_Component":"EP-PIN-NAV","Title":"[CVE-2021-33702] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3073681"},{"Id":"3073891","SAP_Component":"CRM-CCI","Title":"[CVE-2021-33672] Mehrere Schwachstellen in SAP Contact Center","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3073891"},{"Id":"3074693","SAP_Component":"BI-RA-CR-DB","Title":"[CVE-2021-40500] Schwachstelle mit Blick auf fehlende XML-Validierung in SAP-BusinessObjects-Business-Intelligence-Plattform (Crystal Reports)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3074693"},{"Id":"3074819","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-38179] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3074819"},{"Id":"3074844","SAP_Component":"EP-PIN-URL-UIV","Title":"[CVE-2021-33705] Server-Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Enterprise Portal","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3074844"},{"Id":"3075546","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-37532] Directory Listing in SAP Business One aktiviert","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3075546"},{"Id":"3076399","SAP_Component":"EP-KM-CM","Title":"[CVE-2021-33707] URL Redirection vulnerability in SAP NetWeaver (Knowledge Management)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3076399"},{"Id":"3077635","SAP_Component":"LOD-SF-FWK","Title":"[CVE-2021-40498] Denial-of-Service-Schwachstelle (DoS) in Anwendung SAP SuccessFactors Mobile f\u00c3\u00bcr Android-Ger\u00c3\u00a4te","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-12-14","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3077635"},{"Id":"3078072","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-33704] Missing Authorization Check in SAP Business One (Service Layer)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3078072"},{"Id":"3078312","SAP_Component":"BC-UPG-NZ","Title":"[CVE-2021-33701] SQL-Injection-Schwachstelle in SAP NZDT Row Count Reconciliation","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-08-10","First_released_on":"2021-08-10","Link":"https:\/\/me.sap.com\/notes\/3078312"},{"Id":"3078609","SAP_Component":"BC-JAS-JMS","Title":"[CVE-2021-37535] Fehlende Berechtigungspr\u00c3\u00bcfung im SAP NetWeaver Application Server f\u00c3\u00bcr Java (JMS Connector Service)","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3078609"},{"Id":"3079427","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-38180] CSV-Injection in SAP Business One","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3079427"},{"Id":"3080106","SAP_Component":"BC-FES-GUI","Title":"[CVE-2021-40503] Offenlegung von Informationen in SAP GUI for Windows","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-11-09","First_released_on":"2021-11-09","Link":"https:\/\/me.sap.com\/notes\/3080106"},{"Id":"3080567","SAP_Component":"BC-CST-WDP","Title":"[CVE-2021-38162] HTTP-Request-Smuggling im SAP Web Dispatcher","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-03-22","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3080567"},{"Id":"3080710","SAP_Component":"BC-CST-IC","Title":"[CVE-2021-38181] Denial-of-Service (DoS) in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3080710"},{"Id":"3080816","SAP_Component":"GRC-ACP","Title":"[CVE-2021-44233] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP GRC Access Control","CVSS_Score":"2.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-01-05","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3080816"},{"Id":"3081888","SAP_Component":"BC-ESI-WS-JAV-RT","Title":"[CVE-2021-37531] Code-Injection-Schwachstelle in SAP NetWeaver Knowledge Management (XMLForms)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3081888"},{"Id":"3082219","SAP_Component":"EP-PIN-PRT","Title":"[CVE-2021-21489] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3082219"},{"Id":"3082500","SAP_Component":"BW-BEX-OT-RRI","Title":"[CVE-2021-38175] Offenlegung von Informationen in SAP Analysis f\u00c3\u00bcr Microsoft Office","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3082500"},{"Id":"3084487","SAP_Component":"EP-VC-RTM","Title":"[CVE-2021-38163] Schwachstelle bzgl. uneingeschr\u00c3\u00a4nktem Datei-Upload in SAP NetWeaver (Visual Composer 7.0 RT)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3084487"},{"Id":"3084937","SAP_Component":"BC-CTS-TMS","Title":"[CVE-2021-38183] Cross-Site-Scripting-Schwachstelle (XSS) im cms-Service von SAP NetWeaver","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3084937"},{"Id":"3087254","SAP_Component":"BC-MID-ICF-LGN","Title":"[CVE-2021-40496] Falsche Zugriffskontrolle in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3087254"},{"Id":"3087791","SAP_Component":"CA-VE-VEV","Title":"[CVE-2021-38174] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-09-14","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3087791"},{"Id":"3088078","SAP_Component":"BW-BEX-OT-BICS-PROV","Title":"[CVE-2023-33992] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Business Warehouse und SAP BW\/4HANA","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3088078"},{"Id":"3089413","SAP_Component":"BC-MID-RFC","Title":"[CVE-2023-0014] Schwachstelle bez\u00c3\u00bcglich der Capture-Replay in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-01-10","First_released_on":"2023-01-10","Link":"https:\/\/me.sap.com\/notes\/3089413"},{"Id":"3089831","SAP_Component":"BC-UPG-NZ","Title":"[CVE-2021-38176] SQL-Injection-Schwachstelle in SAP NZDT Mapping Table Framework","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-11-23","First_released_on":"2021-09-14","Link":"https:\/\/me.sap.com\/notes\/3089831"},{"Id":"3097887","SAP_Component":"BC-CTS-ORG","Title":"[CVE-2021-38178] Falsche Authentifizierung in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3097887"},{"Id":"3098917","SAP_Component":"BI-RA-AWB","Title":"[CVE-2021-40497] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP BusinessObjects Analysis (Edition f\u00c3\u00bcr OLAP)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3098917"},{"Id":"3099011","SAP_Component":"BC-ABA-LA","Title":"[CVE-2021-40495] Denial-of-Service (DoS) in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3099011"},{"Id":"3099776","SAP_Component":"BC-MID-RFC","Title":"[CVE-2021-40501] Fehlende Berechtigungspr\u00c3\u00bcfung im Kernel der ABAP-Plattform","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-11-09","First_released_on":"2021-11-09","Link":"https:\/\/me.sap.com\/notes\/3099776"},{"Id":"3100882","SAP_Component":"BC-CCM-PRN","Title":"[CVE-2021-40499] Code-Injection-Schwachstelle f\u00c3\u00bcr SAP NetWeaver Application Server f\u00c3\u00bcr ABAP (SAP Cloud Print Manager und SAPSprint)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3100882"},{"Id":"3101299","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-42066] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-01-11","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3101299"},{"Id":"3101406","SAP_Component":"XAP-EM","Title":"Potenzielle XML-External-Entity-Injection-Schwachstelle in SAP Environmental Compliance","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-10-12","First_released_on":"2021-10-12","Link":"https:\/\/me.sap.com\/notes\/3101406"},{"Id":"3101986","SAP_Component":"CA-WUI-UI","Title":"CSP-Unterst\u00c3\u00bctzung f\u00c3\u00bcr On-Premise-Downport f\u00c3\u00bcr Codeabh\u00c3\u00a4ngigkeit im SAP CRM WebClient UI vorbereiten","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3101986"},{"Id":"3102769","SAP_Component":"KM-KW-HTA","Title":"[CVE-2021-42063] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Knowledge Warehouse","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3102769"},{"Id":"3103424","SAP_Component":"BI-BIP-SL-ENG-OLA","Title":"[CVE-2022-24398] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3103424"},{"Id":"3103677","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2021-42061] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (Web Intelligence)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-12-14","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3103677"},{"Id":"3104349","SAP_Component":"FIN-FSCM-PF","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA Finance f\u00c3\u00bcr erweiterte Zahlungsverwaltung","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-03-22","Link":"https:\/\/me.sap.com\/notes\/3104349"},{"Id":"3104456","SAP_Component":"PY-PT","Title":"[CVE-2021-42062] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP HCM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-11-09","First_released_on":"2021-11-09","Link":"https:\/\/me.sap.com\/notes\/3104456"},{"Id":"3105728","SAP_Component":"BC-DWB-TOO","Title":"[CVE-2021-40504] Nutzung der Berechtigung in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-11-09","First_released_on":"2021-11-09","Link":"https:\/\/me.sap.com\/notes\/3105728"},{"Id":"3106528","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-44234] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-01-11","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3106528"},{"Id":"3106859","SAP_Component":"CEC-MKT-OFM","Title":"URL-Umleitungsschwachstelle in Angebotsverwaltung","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-11-09","First_released_on":"2021-11-09","Link":"https:\/\/me.sap.com\/notes\/3106859"},{"Id":"3107196","SAP_Component":"BC-WD-ABA","Title":"Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver AS ABAP within Web Dynpro ABAP","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-01-25","First_released_on":"2022-01-25","Link":"https:\/\/me.sap.com\/notes\/3107196"},{"Id":"3107332","SAP_Component":"BC-VCM-LVM","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Landscape Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-12-14","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3107332"},{"Id":"3109577","SAP_Component":"CEC-COM-CPS-WEB-CAI","Title":"Schwachstelle bez\u00c3\u00bcglich Quelltextausf\u00c3\u00bchrung in SAP Commerce, Lokalisierung f\u00c3\u00bcr China","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-12-14","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3109577"},{"Id":"3110328","SAP_Component":"CEC-COM-CPS-WEB","Title":"[CVE-2021-40502] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Commerce","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-11-09","First_released_on":"2021-11-09","Link":"https:\/\/me.sap.com\/notes\/3110328"},{"Id":"3111110","SAP_Component":"BC-INS-TLS","Title":"[CVE-2022-26100] Denial-of-Service-Schwachstelle (DoS) in SAPCAR","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3111110"},{"Id":"3111293","SAP_Component":"BC-CST-WDP","Title":"[CVE-2022-28773] Denial-of-Service (DOS) in SAP Web Dispatcher und SAP NetWeaver (Internet Communication Manager)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3111293"},{"Id":"3111311","SAP_Component":"BC-CST-WDP","Title":"[CVE-2022-28772] Denial-of-Service (DOS) in SAP Web Dispatcher und SAP NetWeaver (Internet Communication Manager)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3111311"},{"Id":"3112710","SAP_Component":"BC-CCM-MON","Title":"[CVE-2021-42067] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-01-25","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3112710"},{"Id":"3112928","SAP_Component":"FI-FIO-AP","Title":"[CVE-2022-22531] Mehrere Schwachstellen in App \"Einzelzahlung anlegen\" (F0743) von SAP S\/4HANA","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-01-25","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3112928"},{"Id":"3113349","SAP_Component":"BC-SRV-AIF","Title":"[CVE-2023-29110] Code-Injection-Schwachstelle in SAP Application Interface Framework ABAP (Nachrichten-Dashboard)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3113349"},{"Id":"3113593","SAP_Component":"CEC-COM-CPS-COR","Title":"Denial-of-Service-Schwachstelle (DoS) in SAP Commerce","CVSS_Score":"7.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-12-14","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3113593"},{"Id":"3114134","SAP_Component":"CEC-COM-CPS-COR","Title":"[CVE-2021-42064] SQL-Injection-Schwachstelle in SAP Commerce","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-12-14","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3114134"},{"Id":"3114489","SAP_Component":"BC-SRV-AIF","Title":"[CVE-2023-29112] Code-Injection-Schwachstelle in SAP Application Interface Framework (Message Monitoring)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3114489"},{"Id":"3115598","SAP_Component":"BC-SRV-AIF","Title":"[CVE-2023-29109] Code-Injection-Schwachstelle in SAP Application Interface Framework ABAP (Nachrichten-Dashboard)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3115598"},{"Id":"3116223","SAP_Component":"BC-CST","Title":"[CVE-2022-22543] Denial-of-Service (DoS) in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP (Kernel) und ABAP-Plattform (Kernel)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-03-22","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3116223"},{"Id":"3117978","SAP_Component":"BC-SRV-AIF","Title":"[CVE-2023-29111] Offenlegung von Informationen in SAP Application Interface Framework (OData-Service)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3117978"},{"Id":"3119365","SAP_Component":"BC-DOC-TTL","Title":"[CVE-2021-44231] Code-Injection-Schwachstelle in SAP ABAP Server & ABAP-Plattform (\u00c3\u0153bersetzungswerkzeuge)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-12-14","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3119365"},{"Id":"3121165","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-12-17","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3121165"},{"Id":"3123196","SAP_Component":"BC-INS-TC-CNT","Title":"[CVE-2021-44235] Code-Injection-Schwachstelle in Hilfsklasse f\u00c3\u00bcr SAP NetWeaver AS ABAP","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-01-11","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3123196"},{"Id":"3123396","SAP_Component":"BC-CST-IC","Title":"[CVE-2022-22536] Request-Smuggling und Request-Verkettung in SAP NetWeaver, SAP Content Server und SAP Web Dispatcher.","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-03-22","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3123396"},{"Id":"3123427","SAP_Component":"BC-CST-IC","Title":"[CVE-2022-22532] HTTP-Request-Smuggling in SAP NetWeaver Application Server Java","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-03-22","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3123427"},{"Id":"3124094","SAP_Component":"FI-LOC-SAF","Title":"[CVE-2021-44232] Directory-Traversal-Schwachstelle im SAF-T-Framework","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-12-14","First_released_on":"2021-12-14","Link":"https:\/\/me.sap.com\/notes\/3124094"},{"Id":"3124597","SAP_Component":"BC-SEC-ETD","Title":"[CVE-2022-22529] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Enterprise Threat Detection","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-01-11","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3124597"},{"Id":"3124994","SAP_Component":"BC-CCM-PRN-PC","Title":"[CVE-2022-22534] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-26","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3124994"},{"Id":"3126489","SAP_Component":"PY-PT","Title":"[CVE-2022-22535] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP HCM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-02-08","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3126489"},{"Id":"3126557","SAP_Component":"CA-GTF-VBZ","Title":"[CVE-2022-28770] Cross-Site-Scripting-Schwachstelle (XSS) in SAPUI5 und OpenUI5 (vbm-Bibliothek)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3126557"},{"Id":"3126748","SAP_Component":"BI-RA-WBI-FE-HTM","Title":"[CVE-2022-22546] Cross-Site-Scripting-Schwachstelle (XSS) in SAP BusinessObjects Web Intelligence (BI-Launchpad)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-02-08","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3126748"},{"Id":"3126968","SAP_Component":"CA-WUI-UI-TAG","Title":"Schwachstelle mit Blick auf Offenlegung von Informationen im SAP CRM WebClient","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/3126968"},{"Id":"3128473","SAP_Component":"BC-MID-RFC","Title":"[CVE-2022-22545] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3128473"},{"Id":"3130497","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2022-27671] CSRF-Token in einer der URLs in SAP-Business-Intelligence-Plattform sichtbar","CVSS_Score":"8.0","CVSS_Vector":"CVSS:\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3130497"},{"Id":"3130521","SAP_Component":"BC-XI-CON-JWS","Title":"[CVE-2021-44228] Schwachstelle bei der Remote-Ausf\u00c3\u00bchrung von Code im Zusammenhang mit der Apache-Log4j-2-Komponente, die im Java-Web-Service-Adapter von SAP NetWeaver Process Integration verwendet wird","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-11","First_released_on":"2021-12-16","Link":"https:\/\/me.sap.com\/notes\/3130521"},{"Id":"3130578","SAP_Component":"BC-CP-CF-BLDP","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Cloud Foundry","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:N\/A:H","Category":"Beratung","Prio":"HotNews","Released_On":"2021-12-21","First_released_on":"2021-12-21","Link":"https:\/\/me.sap.com\/notes\/3130578"},{"Id":"3130920","SAP_Component":"CA-DI-CP","Title":"Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Data Intelligence 3 (on-premise)","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-18","First_released_on":"2022-01-18","Link":"https:\/\/me.sap.com\/notes\/3130920"},{"Id":"3131047","SAP_Component":"XX-SER-SN","Title":"[CVE-2021-44228] Zentraler Sicherheitshinweis f\u00c3\u00bcr Schwachstelle bei Remote-Ausf\u00c3\u00bchrung von Code in Verbindung mit Komponente Apache Log4j\u00c2\u00a02","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-03-08","First_released_on":"2021-12-15","Link":"https:\/\/me.sap.com\/notes\/3131047"},{"Id":"3131258","SAP_Component":"BC-XS-RT","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP HANA XSA","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-12-16","First_released_on":"2021-12-16","Link":"https:\/\/me.sap.com\/notes\/3131258"},{"Id":"3131397","SAP_Component":"BC-XS-ADM","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-12-24","First_released_on":"2021-12-17","Link":"https:\/\/me.sap.com\/notes\/3131397"},{"Id":"3131691","SAP_Component":"XX-PART-ADB-IFM","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP NetWeaver ABAP Server and ABAP Platform (Adobe LiveCycle Designer 11.0)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2021-12-30","First_released_on":"2021-12-30","Link":"https:\/\/me.sap.com\/notes\/3131691"},{"Id":"3131740","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2021-44228] Schwachstelle bei Remote-Code-Ausf\u00c3\u00bchrung in Verbindung mit Apache-Log4j-2-Komponente in SAP Business One","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-11","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3131740"},{"Id":"3131824","SAP_Component":"IS-PMED-HPH","Title":"[CVE-2021-44228] Log4j Vulnerability in Connected Health Platform 2.0 - Fhirserver","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-12-20","First_released_on":"2021-12-20","Link":"https:\/\/me.sap.com\/notes\/3131824"},{"Id":"3132058","SAP_Component":"IOT-BSV-HS-MS","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Cloud-to-Cloud Interoperability","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-11","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3132058"},{"Id":"3132074","SAP_Component":"LOD-CRM-GW-LN","Title":"[CVE-2021-44228] Code Injection vulnerability in Cloud for Customer Lotus Notes PlugIn","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-12-23","First_released_on":"2021-12-23","Link":"https:\/\/me.sap.com\/notes\/3132074"},{"Id":"3132162","SAP_Component":"OPU-API-OD-DT","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP API Management (Tenant Cloning Tool)","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-12-24","First_released_on":"2021-12-24","Link":"https:\/\/me.sap.com\/notes\/3132162"},{"Id":"3132177","SAP_Component":"CA-GTF-CSC-EDO-IN-DC","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Localization Hub, digital compliance service for India","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Externer Fehler","Prio":"HotNews","Released_On":"2021-12-22","First_released_on":"2021-12-22","Link":"https:\/\/me.sap.com\/notes\/3132177"},{"Id":"3132198","SAP_Component":"BC-VCM-LVM","Title":"[CVE-2019-17571] Code Injection vulnerability in SAP Landscape Management","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-12-20","First_released_on":"2021-12-20","Link":"https:\/\/me.sap.com\/notes\/3132198"},{"Id":"3132204","SAP_Component":"BC-XI-CON-JWS","Title":"Aktualisierung 1 zu Sicherheitshinweis 3130521: [CVE-2021-44228] Schwachstelle bei der Remote-Ausf\u00c3\u00bchrung von Code im Zusammenhang mit der Apache-Log4j-2-Komponente, die im Java-Web-Service-Adapter von SAP NetWeaver Process Integration verwendet wird","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-01-11","First_released_on":"2021-12-16","Link":"https:\/\/me.sap.com\/notes\/3132204"},{"Id":"3132360","SAP_Component":"EP-PIN-RTM","Title":"[CVE-2022-26103] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP NetWeaver (Real-Time Messaging Framework)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Customizing","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3132360"},{"Id":"3132515","SAP_Component":"IOT-EDG-OD","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services Cloud Edition","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-12-30","First_released_on":"2021-12-30","Link":"https:\/\/me.sap.com\/notes\/3132515"},{"Id":"3132633","SAP_Component":"BC-FES-GUI","Title":"Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP GUI for Windows","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3132633"},{"Id":"3132744","SAP_Component":"BC-CP-XF-KYMA","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP BTP Kyma","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Hilfe zur Fehleranalyse","Prio":"HotNews","Released_On":"2021-12-21","First_released_on":"2021-12-21","Link":"https:\/\/me.sap.com\/notes\/3132744"},{"Id":"3132822","SAP_Component":"BC-XS-ADM","Title":"Update 1 to Security Note 3131397 [CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in XSA Cockpit","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2021-12-24","First_released_on":"2021-12-21","Link":"https:\/\/me.sap.com\/notes\/3132822"},{"Id":"3132909","SAP_Component":"IOT-EDG-OP","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Edge Services On Premise Edition","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-11","First_released_on":"2021-12-24","Link":"https:\/\/me.sap.com\/notes\/3132909"},{"Id":"3132922","SAP_Component":"BC-NEO-SVC-IOT","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Internet of Things Edge Platform","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-18","First_released_on":"2021-12-21","Link":"https:\/\/me.sap.com\/notes\/3132922"},{"Id":"3132964","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2021-44228] Schwachstelle bez\u00c3\u00bcglich Remote-Ausf\u00c3\u00bchrung von Code im Zusammenhang mit Komponente Apache Log4j 2, die in SAP Enable Now Manager verwendet wird","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-11","First_released_on":"2021-12-23","Link":"https:\/\/me.sap.com\/notes\/3132964"},{"Id":"3133005","SAP_Component":"BC-XI-CON-JWS","Title":"Aktualisierung 2 zu Sicherheitshinweis 3130521: [CVE-2021-44228] Schwachstelle bei der Remote-Ausf\u00c3\u00bchrung von Code im Zusammenhang mit der Apache-Log4j-2-Komponente, die im Java-Web-Service-Adapter von SAP NetWeaver Process Integration verwendet wird","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-01-11","First_released_on":"2021-12-28","Link":"https:\/\/me.sap.com\/notes\/3133005"},{"Id":"3133772","SAP_Component":"IS-SE-CCO","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Customer Checkout","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-13","First_released_on":"2021-12-22","Link":"https:\/\/me.sap.com\/notes\/3133772"},{"Id":"3134139","SAP_Component":"XX-PART-TRI-ECT","Title":"[CVE-2021-44228] Schwachstelle bei Remote-Code-Ausf\u00c3\u00bchrung im Zusammenhang mit Apache-Log4j2-Komponente, die in SAP Enterprise Continuous Testing by Tricentis verwendet wird","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-11","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3134139"},{"Id":"3134161","SAP_Component":"PY-BR","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in SAP ERP HCM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3134161"},{"Id":"3134531","SAP_Component":"BC-XS-ADM","Title":"[CVE-2021-44228] Denial of Service vulnerability associated with Apache Log4j component used in XSA Cockpit","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2021-12-24","First_released_on":"2021-12-24","Link":"https:\/\/me.sap.com\/notes\/3134531"},{"Id":"3134684","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-02-08","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3134684"},{"Id":"3135581","SAP_Component":"BC-XI-CON-JWS","Title":"Aktualisierung 3 zu Sicherheitshinweis 3130521: [CVE-2021-44228] Schwachstelle bei der Remote-Ausf\u00c3\u00bchrung von Code im Zusammenhang mit der Apache-Log4j-2-Komponente, die im Java-Web-Service-Adapter von SAP NetWeaver Process Integration verwendet wird","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-01-11","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3135581"},{"Id":"3136094","SAP_Component":"MFG-DM-EDGE","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Digital Manufacturing Cloud for Edge Computing","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-11","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3136094"},{"Id":"3136988","SAP_Component":"IOT-BSV-HS-MS","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in Reference Template for enabling ingestion and persistence of time series data in Azure","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-01-11","First_released_on":"2022-01-11","Link":"https:\/\/me.sap.com\/notes\/3136988"},{"Id":"3137191","SAP_Component":"BI-BIP-ADM","Title":"[CVE-2022-22541] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP-BusinessObjects-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-26","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3137191"},{"Id":"3138299","SAP_Component":"XX-PART-ADB-IFM","Title":"[CVE-2021-44832] Schwachstelle mit Blick auf Remote-Ausf\u00c3\u00bchrung von Code im Zusammenhang mit der Apache-Log4j-2-Komponente, die in SAP-NetWeaver-ABAP-Server und ABAP-Plattform verwendet wird (Adobe LiveCycle Designer 11.0)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3138299"},{"Id":"3139893","SAP_Component":"XX-PART-NXL","Title":"[CVE-2021-44228] Remote Code Execution vulnerability associated with Apache Log4j 2 component used in SAP Dynamic Authorization Management","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-02-08","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3139893"},{"Id":"3140564","SAP_Component":"BC-SYB-ASE","Title":"[CVE-2022-22528] Offenlegung von Informationen in SAP Adaptive Server Enterprise","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:C\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-02-08","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3140564"},{"Id":"3140587","SAP_Component":"WP-WSR","Title":"[CVE-2022-22540] SQL-Injection-Schwachstelle in SAP NetWeaver AS ABAP (Workplace Server)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-02-08","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3140587"},{"Id":"3140940","SAP_Component":"SV-SMG-DIA","Title":"[CVE-2022-22544] Fehlende Funktionstrennung in den Ursachenanalysewerkzeugen von SAP Solution Manager Diagnostics","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Modifikation","Prio":"HotNews","Released_On":"2022-02-08","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3140940"},{"Id":"3142092","SAP_Component":"LO-MD-BP","Title":"[CVE-2022-22542] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP S\/4HANA (Lieferanteninformationsblatt und Enterprise Search f\u00c3\u00bcr Gesch\u00c3\u00a4ftspartner, Lieferant und Kunde)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3142092"},{"Id":"3142773","SAP_Component":"CEC-COM-CPS-WEB","Title":"[CVE-2021-44228] Remote-Code-Execution-Schwachstelle in Verbindung mit Apache-Log4j-2-Komponente in SAP Commerce","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-02-08","First_released_on":"2022-02-08","Link":"https:\/\/me.sap.com\/notes\/3142773"},{"Id":"3143161","SAP_Component":"CA-UI5-FL-LRP","Title":"Fehlende Berechtigungspr\u00c3\u00bcfung in Funktion f\u00c3\u00bcr UI5-Flexibilit\u00c3\u00a4t f\u00c3\u00bcr Anwendungsexperten","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-05-10","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/3143161"},{"Id":"3143437","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3143437"},{"Id":"3144941","SAP_Component":"EPM-BFC-PSI-INS","Title":"[CVE-2022-26104] Missing Authorization check in SAP Financial Consolidation","CVSS_Score":"5.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3144941"},{"Id":"3145046","SAP_Component":"BC-CST-WDP","Title":"[CVE-2022-27656] Cross-Site-Scripting-Schwachstelle (XSS) auf Administrations-UI von SAP Web Dispatcher und SAP NetWeaver AS f\u00c3\u00bcr ABAP und Java (ICM)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-05-10","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/3145046"},{"Id":"3145702","SAP_Component":"BC-CST-MS","Title":"[CVE-2022-29616] Speicherbesch\u00c3\u00a4digungsschwachstelle in SAP Host Agent, SAP NetWeaver und ABAP-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-05-10","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/3145702"},{"Id":"3145769","SAP_Component":"BI-BIP-ADM","Title":"[CVE-2022-27667] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform (CMC)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3145769"},{"Id":"3145987","SAP_Component":"SV-FRN-INF-SDA","Title":"[CVE-2022-24396] Fehlende Authentifizierungspr\u00c3\u00bcfung in SAP Focused Run (Simple Diagnostics Agent 1.0)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3145987"},{"Id":"3145997","SAP_Component":"BC-ABA-SC","Title":"[CVE-2022-26102] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3145997"},{"Id":"3146260","SAP_Component":"EP-PIN-NAV","Title":"[CVE-2022-24397] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3146260"},{"Id":"3146261","SAP_Component":"EP-PIN-NAV","Title":"[CVE-2022-24395] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3146261"},{"Id":"3146336","SAP_Component":"CA-UI2-THD","Title":"[CVE-2022-29610] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Application Server ABAP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-05-10","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/3146336"},{"Id":"3147102","SAP_Component":"SV-FRN-INF-SDA","Title":"[CVE-2022-22547] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Focused Run (Simple Diagnostics Agent 1.0)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3147102"},{"Id":"3147283","SAP_Component":"SV-FRN-APP-RUM","Title":"[CVE-2022-24399] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Focused Run (Real-User-Monitoring)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3147283"},{"Id":"3147498","SAP_Component":"BC-JAS-ADM-ADM","Title":"Falsche Zugriffskontrollpr\u00c3\u00bcfung in den Services basicadmin und adminadapter von SAP NetWeaver","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:N\/S:C\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-06-28","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3147498"},{"Id":"3148094","SAP_Component":"BC-SYB-SQA","Title":"[CVE-2022-27670] Denial-of-Service-Schwachstelle (DoS) in SQL Anywhere","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3148094"},{"Id":"3148377","SAP_Component":"EP-PIN-WPC","Title":"[CVE-2022-28217] Schwachstelle mit Blick auf fehlende XML-Validierung in SAP NetWeaver EP WPC","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Korrektur der gesetzlichen Funktion","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3148377"},{"Id":"3149794","SAP_Component":"CA-UI5-COR","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in jQuery-UI-Bibliothek geb\u00c3\u00bcndelt mit SAPUI5","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-08-22","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3149794"},{"Id":"3149805","SAP_Component":"CA-FLP-FE-COR","Title":"[CVE-2022-26101] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Fiori Launchpad","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-03-22","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3149805"},{"Id":"3150454","SAP_Component":"BC-MID-RFC","Title":"Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-10-04","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3150454"},{"Id":"3150463","SAP_Component":"BC-MID-RFC","Title":"Offenlegung von Informationen: Schwachstelle in der ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3150463"},{"Id":"3150704","SAP_Component":"FIN-FSCM-CLM-BAM","Title":"[CVE-2023-0023] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Bank Account Management (\"Banken verwalten\")","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-01-10","First_released_on":"2023-01-10","Link":"https:\/\/me.sap.com\/notes\/3150704"},{"Id":"3150845","SAP_Component":"BI-BIP-BIW","Title":"[CVE-2022-28216] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (BI-Arbeitsbereich)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3150845"},{"Id":"3152442","SAP_Component":"BC-ILM-DAS","Title":"[CVE-2022-27669] Fehlende Berechtigungspr\u00c3\u00bcfung in XML-Datenarchivierungsservice","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3152442"},{"Id":"3154684","SAP_Component":"MOB-SYC-SAP-WM","Title":"[CVE-2021-44228] Schwachstelle bei der Remote-Ausf\u00c3\u00bchrung von Code im Zusammenhang mit der Apache-Log4j-2-Komponente, die in SAP Work Manager verwendet wird","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-03-08","First_released_on":"2022-03-08","Link":"https:\/\/me.sap.com\/notes\/3154684"},{"Id":"3155571","SAP_Component":"BC-DB-SYB","Title":"[CVE-2022-31594] Berechtigungseskalationsschwachstelle in SAP Adaptive Server Enterprise (ASE)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-06-28","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3155571"},{"Id":"3155609","SAP_Component":"CEC-COM-CPS","Title":"Schwachstelle mit Blick auf Berechtigungseskalation in Apache-Tomcat-Serverkomponente von SAP Commerce","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3155609"},{"Id":"3156484","SAP_Component":"BC-FES-BUS-DSK","Title":"Offenlegung von Informationen: Schwachstelle in SAP Business Client","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:C\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-08-09","First_released_on":"2022-08-09","Link":"https:\/\/me.sap.com\/notes\/3156484"},{"Id":"3156972","SAP_Component":"MM-FIO-PUR-REQ-SSP","Title":"[CVE-2023-40306] URL-Umleitungsschwachstelle in SAP S\/4HANA (Katalogpositionen verwalten und katalog\u00c3\u00bcbergreifende Suche)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3156972"},{"Id":"3157613","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2022-28771] Fehlende Authentifizierungspr\u00c3\u00bcfung in SAP Business One (Lizenzservice-API)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3157613"},{"Id":"3158188","SAP_Component":"BC-CCM-HAG","Title":"[CVE-2022-28774] Schwachstelle bei Offenlegung von Informationen in SAP-Host-Agent-Protokolldatei","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-05-10","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/3158188"},{"Id":"3158375","SAP_Component":"BC-CST-NI","Title":"[CVE-2022-27668] Falsche Zugriffskontrolle in SAProuter f\u00c3\u00bcr SAP NetWeaver und ABAP-Plattform","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3158375"},{"Id":"3158455","SAP_Component":"CA-WUI-WKB","Title":"[CVE-2024-24742] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM (WebClient UI)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3158455"},{"Id":"3158613","SAP_Component":"MFG-MII","Title":"Update 1 to Security Note 3022622 - [CVE-2021-21480] Code injection vulnerability in SAP Manufacturing Integration and Intelligence","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3158613"},{"Id":"3158619","SAP_Component":"BC-CST-STS","Title":"[CVE-2022-29614] Berechtigungseskalation in SAP startservice von SAP NetWeaver AS ABAP, AS Java, ABAP-Plattform und SAP-HANA-Datenbank","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:P\/AC:H\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3158619"},{"Id":"3158815","SAP_Component":"EPM-BFC-PRO","Title":"[CVE-2022-31595] Privilege escalation vulnerability in SAP Financial Consolidation","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3158815"},{"Id":"3159091","SAP_Component":"SV-FRN-INF-SDA","Title":"[CVE-2022-27657] Directory-Traversal-Schwachstelle in SAP Focused Run (Simple Diagnostics Agent 1.0)","CVSS_Score":"2.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3159091"},{"Id":"3159329","SAP_Component":"CA-UI5-COR-FND","Title":"Denial-of-Service-(DoS)-Schwachstelle in JSZip-Bibliothek geb\u00c3\u00bcndelt in SAPUI5","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3159329"},{"Id":"3159736","SAP_Component":"BC-CCM-MON-OS","Title":"[CVE-2022-35295] Berechtigungseskalationsschwachstelle in SAPOSCOL unter Unix","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/3159736"},{"Id":"3163583","SAP_Component":"EP-PIN-PRT","Title":"[CVE-2022-26105] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3163583"},{"Id":"3163703","SAP_Component":"CA-UI5-COR-FND","Title":"Multiple Vulnerabilities in URI.js bundled with SAPUI5","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3163703"},{"Id":"3164677","SAP_Component":"PA-FIO-LEA","Title":"[CVE-2022-29613] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Employee Self-Service (SAP-Fiori-App \"Meine Abwesenheitsantr\u00c3\u00a4ge\")","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/3164677"},{"Id":"3165333","SAP_Component":"BC-MID-ICF","Title":"[CVE-2022-28215] URL-Umleitungsschwachstelle in SAP NetWeaver ABAP Server und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3165333"},{"Id":"3165801","SAP_Component":"BC-ABA-LI","Title":"[CVE-2022-29611] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-06-28","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/3165801"},{"Id":"3165856","SAP_Component":"PLM-INM","Title":"[CVE-2022-27658] Missing authorization check in SAP Innovation Management","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-03-28","First_released_on":"2022-03-28","Link":"https:\/\/me.sap.com\/notes\/3165856"},{"Id":"3167342","SAP_Component":"EIM-DS-SVR","Title":"[CVE-2022-35226] Cross-Site Scripting (XSS) vulnerability in Data Services Management Console","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3167342"},{"Id":"3167430","SAP_Component":"BI-BIP-IK-PAR-SAP","Title":"[CVE-2022-31591] Schwachstelle bez\u00c3\u00bcglich Rechteausweitung in SAP BusinessObjects (BW Publisher-Dienst)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3167430"},{"Id":"3169239","SAP_Component":"BI-BIP-ADM","Title":"[CVE-2022-29619] Offenlegung von Informationen an Benutzeradministrator in SAP BusinessObjects Business Intelligence 4.x","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3169239"},{"Id":"3170990","SAP_Component":"XX-SER-SN","Title":"[CVE-2022-22965] Zentraler Sicherheitshinweis f\u00c3\u00bcr Schwachstelle mit Blick auf Remote-Ausf\u00c3\u00bchrung von Code in Verbindung mit Spring Framework","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-05-10","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3170990"},{"Id":"3171258","SAP_Component":"CEC-COM-CPS-WEB","Title":"[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Commerce","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-04-18","First_released_on":"2022-04-18","Link":"https:\/\/me.sap.com\/notes\/3171258"},{"Id":"3187290","SAP_Component":"IS-SE-CCO","Title":"[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Checkout","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3187290"},{"Id":"3189409","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2022-22965] Schwachstelle bez\u00c3\u00bcglich Remote-Ausf\u00c3\u00bchrung von Code im Zusammenhang mit in SAP Business One Cloud verwendetem Spring Framework","CVSS_Score":"9.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-05-10","First_released_on":"2022-05-10","Link":"https:\/\/me.sap.com\/notes\/3189409"},{"Id":"3189428","SAP_Component":"BC-XS-SEC","Title":"[CVE-2022-22965] Remote-Code-Ausf\u00c3\u00bchrungs-Schwachstelle in Verbindung mit Spring-Framework, das in SAP HANA Extended Application Services verwendet wird","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3189428"},{"Id":"3189429","SAP_Component":"BC-SYB-PD","Title":"[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in PowerDesigner Web (upto including 16.7 SP05 PL01)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-04-12","First_released_on":"2022-04-12","Link":"https:\/\/me.sap.com\/notes\/3189429"},{"Id":"3189635","SAP_Component":"IS-T-MA","Title":"[CVE-2022-22965] Remote Code Execution vulnerability associated with Spring Framework used in SAP Customer Profitability Analytics","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-04-14","First_released_on":"2022-04-14","Link":"https:\/\/me.sap.com\/notes\/3189635"},{"Id":"3190675","SAP_Component":"CEC-MKT-CPG","Title":"Unsichere Verwendung eines leeren Ziels in SAP-Marketingkampagnen","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3190675"},{"Id":"3190894","SAP_Component":"CEC-MKT-DM-CON","Title":"[CVE-2024-21734] URL-Umleitungsschwachstelle in SAP Marketing (App \"Kontakte\")","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3190894"},{"Id":"3191012","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2022-31593] Code-Injection-Schwachstelle in SAP Business One","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3191012"},{"Id":"3191812","SAP_Component":"CEC-MKT-CPG","Title":"Cross-Site-Scripting-(XSS)-Schwachstelle in SAP-Marketing-App \"Kampagnen\"","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3191812"},{"Id":"3194361","SAP_Component":"BI-BIP-SRV","Title":"[CVE-2022-35169] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP BusinessObjects Business Intelligence","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3194361"},{"Id":"3194674","SAP_Component":"BC-CST-STS","Title":"[CVE-2022-29612] Server-Side Request Forgery in SAP NetWeaver, ABAP-Plattform und SAP-Host-Agent","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3194674"},{"Id":"3196280","SAP_Component":"IS-DFS-MM","Title":"[CVE-2022-31592] Fehlende Berechtigungspr\u00c3\u00bcfung in EA-DFPS","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3196280"},{"Id":"3197005","SAP_Component":"BC-SYB-PD","Title":"[CVE-2022-31590] Potenzielle Berechtigungseskalation in SAP PowerDesigner Proxy 16.7","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3197005"},{"Id":"3197927","SAP_Component":"BC-CTS-DTR","Title":"[CVE-2022-29618] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-NetWeaver-Entwicklungsinfrastruktur (Design Time Repository)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3197927"},{"Id":"3198137","SAP_Component":"BC-MID-ICF","Title":"Aktualisierung 1 zu SAp-Sicherheitshinweis 3165333 - [CVE-2022-28215] URL-Umleitungsschwachstelle in SAP NetWeaver ABAP Server und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/3198137"},{"Id":"3202523","SAP_Component":"CEC-COM-CPS","Title":"Cross-Site-Scripting-Schwachstelle (XSS) in SAP Commerce","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-10-14","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3202523"},{"Id":"3202846","SAP_Component":"BC-DWB-JAV-COR","Title":"[CVE-2022-29615] Mehrere Schwachstellen im Zusammenhang mit der Komponente Apache log4j 1.x in SAP NetWeaver Developer Studio (NWDS)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3202846"},{"Id":"3203065","SAP_Component":"FI-LOC-FI-IL-AP","Title":"[CVE-2022-31589] Funktionstrennungsschwachstelle in IL-FI-AP-Datei aus SHAAM-Programm","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3203065"},{"Id":"3203079","SAP_Component":"BI-BIP-VD","Title":"[CVE-2022-32246] SQL-Injection-Schwachstelle in SAP BusinessObjects Business Intelligence (Anwendung \"Grafischer Vergleich\")","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3203079"},{"Id":"3206271","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Falsche Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-06-14","First_released_on":"2022-06-14","Link":"https:\/\/me.sap.com\/notes\/3206271"},{"Id":"3207902","SAP_Component":"EP-PIN-URL","Title":"[CVE-2022-35172] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3207902"},{"Id":"3208819","SAP_Component":"EP-PIN-AI","Title":"[CVE-2022-35170] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3208819"},{"Id":"3208880","SAP_Component":"EP-PIN-PRT","Title":"[CVE-2022-35225] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3208880"},{"Id":"3209557","SAP_Component":"EP-PIN-TOL","Title":"[CVE-2022-32247] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3209557"},{"Id":"3210566","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2022-35293] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Enable Now Manager","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-08-09","First_released_on":"2022-08-09","Link":"https:\/\/me.sap.com\/notes\/3210566"},{"Id":"3210779","SAP_Component":"EP-PIN-GPA","Title":"[CVE-2022-35224] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Enterprise Portal","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3210779"},{"Id":"3210823","SAP_Component":"BI-BIP-INV","Title":"[CVE-2022-32245] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in der SAP-BusinessObjects-Business-Intelligence-Plattform (Open Document)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-08-09","First_released_on":"2022-08-09","Link":"https:\/\/me.sap.com\/notes\/3210823"},{"Id":"3211161","SAP_Component":"BI-BIP-INV","Title":"[CVE-2022-39800] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (BI-Launchpad)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3211161"},{"Id":"3211203","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2022-35168] Denial-of-Service-Schwachstelle in SAP Business One","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3211203"},{"Id":"3211760","SAP_Component":"EP-PIN-WPC","Title":"[CVE-2022-35227] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver EP WPC","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3211760"},{"Id":"3212997","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2022-32249] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3212997"},{"Id":"3213141","SAP_Component":"BC-VCM-LVM","Title":"Information Disclosure in SAP Landscape Management","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:R\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-07-26","First_released_on":"2022-07-26","Link":"https:\/\/me.sap.com\/notes\/3213141"},{"Id":"3213279","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2022-31598] Cross-Site-Scripting-Schwachstelle (XSS) in SAP BusinessObjects","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3213279"},{"Id":"3213507","SAP_Component":"BI-BIP-ADM","Title":"[CVE-2022-31596] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform (Monitoring-DB)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2022-08-09","Link":"https:\/\/me.sap.com\/notes\/3213507"},{"Id":"3213524","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2022-32244] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in der SAP-BusinessObjects-Business-Intelligence-Plattform (Kommentar-DB)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2022-08-09","Link":"https:\/\/me.sap.com\/notes\/3213524"},{"Id":"3213826","SAP_Component":"FI-LOC-FI-ES","Title":"[CVE-2022-31597] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA (Gesch\u00c3\u00a4ftspartnererweiterung f\u00c3\u00bcr Spanien\/Slowakei)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Korrektur der gesetzlichen Funktion","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3213826"},{"Id":"3216161","SAP_Component":"FI-FIO-AP","Title":"[CVE-2022-32248] Fehlende Eingabevalidierung in Komponente \"Scheckhefte verwalten\" von SAP S\/4HANA","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3216161"},{"Id":"3216653","SAP_Component":"BC-IAM-SSO-OTP","Title":"[CVE-2022-35290] Offenlegung von Informationen in SAP Authenticator f\u00c3\u00bcr Android","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-08-09","First_released_on":"2022-08-09","Link":"https:\/\/me.sap.com\/notes\/3216653"},{"Id":"3217087","SAP_Component":"PY-IE","Title":"[CVE-2023-49577] Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3217087"},{"Id":"3217303","SAP_Component":"BI-BIP-SRV","Title":"[CVE-2022-39014] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP BusinessObjects Business Intelligence (CMC)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/3217303"},{"Id":"3218159","SAP_Component":"CA-FLP-FE-COR","Title":"Unzureichender Ablauf einer Sitzung im zentralen SAP Fiori Launchpad","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-11-08","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3218159"},{"Id":"3218177","SAP_Component":"BC-FES-WGU","Title":"[CVE-2022-35294] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Application Server ABAP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/3218177"},{"Id":"3219164","SAP_Component":"EP-KM-FWK-CF","Title":"[CVE-2022-35298] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Enterprise Portal (KMC)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/3219164"},{"Id":"3219846","SAP_Component":"FI-AP-AP-Q1","Title":"[CVE-2023-42473] Missing Authorization Check In S\/4HANA (Manage Withholding Tax Items)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-09-26","First_released_on":"2023-09-26","Link":"https:\/\/me.sap.com\/notes\/3219846"},{"Id":"3220746","SAP_Component":"CA-VE-VEV","Title":"[CVE-2022-35171] Fehlerhafte Eingabevalidierung in SAP 3D Visual Enterprise Viewer","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3220746"},{"Id":"3221288","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2022-35228] Schwachstelle mit Blick auf Offenlegung von Informationen auf SAP-BusinessObjects-Business-Intelligence-Plattform (Central Management Console)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-07-12","First_released_on":"2022-07-12","Link":"https:\/\/me.sap.com\/notes\/3221288"},{"Id":"3222121","SAP_Component":"FI-LOC-SRF-RUN","Title":"[CVE-2023-42475] Information Disclosure Vulnerability in Statutory Reporting","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-10-10","First_released_on":"2023-10-10","Link":"https:\/\/me.sap.com\/notes\/3222121"},{"Id":"3223392","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2022-35292] Problem bez\u00c3\u00bcglich Windows Unquoted Service Path in SAP Business One","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/3223392"},{"Id":"3226411","SAP_Component":"LOD-SF-EC","Title":"[CVE-2022-35291] Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application(Android & iOS)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-10-25","First_released_on":"2022-07-26","Link":"https:\/\/me.sap.com\/notes\/3226411"},{"Id":"3229132","SAP_Component":"BI-BIP-ADM","Title":"[CVE-2022-39013] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP BusinessObjects Business Intelligence (Programmobjekte)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3229132"},{"Id":"3229425","SAP_Component":"BI-RA-AWB","Title":"[CVE-2022-41206] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform\/SAP Analysis f\u00c3\u00bcr OLAP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3229425"},{"Id":"3229820","SAP_Component":"BC-FES-WGU","Title":"[CVE-2022-39799] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (SAP GUI for HTML im Fiori Launchpad)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/3229820"},{"Id":"3229987","SAP_Component":"BC-SYB-SQA","Title":"[CVE-2022-41259] Denial-of-Service-Schwachstelle (DoS) in SAP SQL Anywhere","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-11-08","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3229987"},{"Id":"3232021","SAP_Component":"BC-SYB-SQA","Title":"[CVE-2022-35299] Puffer\u00c3\u00bcberlauf in SAP SQL Anywhere und SAP IQ","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3232021"},{"Id":"3233226","SAP_Component":"BI-BIP-LCM","Title":"[CVE-2022-35296] Schwachstelle mit Blick auf Offenlegung von Informationen auf SAP-BusinessObjects-Business-Intelligence-Plattform (Versionsverwaltungssystem)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3233226"},{"Id":"3233899","SAP_Component":"BC-CST-WDP","Title":"[CVE-2023-33987] Schwachstelle bez\u00c3\u00bcglich Request-Smuggling und Request-Verkettung in SAP Web Dispatcher","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3233899"},{"Id":"3234755","SAP_Component":"CA-MDG-APP-CUS","Title":"Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in Stammdaten-Governance","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3234755"},{"Id":"3237075","SAP_Component":"GRC-SAC-EAM","Title":"[CVE-2022-39801] Unzureichender Ablauf der Firefighter-Sitzung in Notfallzugriffsverwaltung von SAP GRC Access Control","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-09-13","First_released_on":"2022-09-13","Link":"https:\/\/me.sap.com\/notes\/3237075"},{"Id":"3237251","SAP_Component":"BC-FES-GUI","Title":"[CVE-2022-41205] Code-Injection-Schwachstelle in SAP GUI for Windows","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-11-08","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3237251"},{"Id":"3237638","SAP_Component":"PA-FIO-OVT","Title":"[CVE-2024-25643] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Fiori App (Meine Mehrarbeitsantr\u00c3\u00a4ge)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3237638"},{"Id":"3238042","SAP_Component":"FIN-FSCM-BD","Title":"[CVE-2022-41207] Schwachstelle mit Blick auf URL-Umleitung in SAP Biller Direct","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-11-08","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3238042"},{"Id":"3239152","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2022-41204] Konto-Hijacking \u00c3\u00bcber Schwachstelle bei URL-Umleitung in SAP-Commerce-Anmeldeformular","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-10-14","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3239152"},{"Id":"3239293","SAP_Component":"BI-BIP-ADM","Title":"[CVE-2022-39015] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP BusinessObjects Business Intelligence (AdminTools\/Query Builder)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3239293"},{"Id":"3239475","SAP_Component":"BI-BIP-SRV","Title":"[CVE-2022-41267] Schwachstelle bez\u00c3\u00bcglich Server-Side Request Forgery auf Plattform SAP BusinessObjects Business Intelligence","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-12-13","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3239475"},{"Id":"3242933","SAP_Component":"MFG-ME","Title":"[CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3242933"},{"Id":"3243924","SAP_Component":"BI-RA-WBI-FE","Title":"[CVE-2022-41203] Unsichere Deserialisierung nicht vertrauensw\u00c3\u00bcrdiger Daten in SAP-BusinessObjects-Business-Intelligence-Plattform (Central Management Console und BI-Launchpad)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-01-10","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3243924"},{"Id":"3245526","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2023-25616] Code-Injection-Schwachstelle in SAP-Business-Objects-Business-Intelligence-Plattform (CMC)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-09-12","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3245526"},{"Id":"3245928","SAP_Component":"CA-VE-VEV","Title":"[Mehrere CVEs] Mehrere Schwachstellen in SAP 3D Visual Enterprise Viewer","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3245928"},{"Id":"3245929","SAP_Component":"CA-VE-VEA","Title":"[Mehrere CVEs] Mehrere Schwachstellen in SAP 3D Visual Enterprise Author","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3245929"},{"Id":"3248255","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2022-41266] Schwachstelle bez\u00c3\u00bcglich Cross-Site-Scripting (XSS) in SAP Commerce","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3248255"},{"Id":"3248384","SAP_Component":"CEC-PRO-GIY","Title":"[CVE-2022-41210] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Customer Data Cloud (Gigya)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:P\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3248384"},{"Id":"3248970","SAP_Component":"CEC-PRO-GIY","Title":"[CVE-2022-41209] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Customer Data Cloud (Gigya)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:P\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-10-11","First_released_on":"2022-10-11","Link":"https:\/\/me.sap.com\/notes\/3248970"},{"Id":"3249648","SAP_Component":"BI-RA-WBI","Title":"[CVE-2022-41263] Schwachstelle bez\u00c3\u00bcglich fehlender Authentifizierungspr\u00c3\u00bcfung in SAP BusinessObjects Business Intelligence (Web Intelligence)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3249648"},{"Id":"3249990","SAP_Component":"CA-UI5-VTK-VIT","Title":"[CVE-2021-20223] Mehrere Schwachstellen in SQLite geb\u00c3\u00bcndelt mit SAPUI5","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-11-16","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3249990"},{"Id":"3251202","SAP_Component":"BC-MID-ICF","Title":"[CVE-2022-41215] URL-Umleitungsschwachstelle in SAP NetWeaver ABAP Server und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-11-22","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3251202"},{"Id":"3251447","SAP_Component":"BI-RA-WBI-FE","Title":"[CVE-2023-0015] Cross-Site-Scripting-Schwachstelle (XSS) in SAP BusinessObjects Business Intelligence (Web Intelligence)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-01-10","First_released_on":"2023-01-10","Link":"https:\/\/me.sap.com\/notes\/3251447"},{"Id":"3252433","SAP_Component":"BC-CST-EQ","Title":"[CVE-2023-23857] Falsche Zugriffskontrolle in SAP NetWeaver AS for Java","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:L\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3252433"},{"Id":"3256571","SAP_Component":"BC-CTS-TMS","Title":"[CVE-2022-41214] Mehrere Schwachstellen bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver Application Server ABAP und ABAP-Plattform","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:N\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-11-08","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3256571"},{"Id":"3256787","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2023-24530] Schwachstelle bzgl. uneingeschr\u00c3\u00a4nktem Datei-Upload in SAP-BusinessObjects-Business-Intelligence-Plattform (CMC)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3256787"},{"Id":"3258950","SAP_Component":"BC-BSP","Title":"Aktualisierung 1 zu SAP-Sicherheitshinweis 2872782 - [CVE-2020-6215] URL-Umleitungsschwachstelle in SAP NetWeaver AS ABAP Server (BSP-Testanwendung)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3258950"},{"Id":"3260667","SAP_Component":"FIN-FSCM-PF-IHB","Title":"[CVE-2024-21736] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA Finance f\u00c3\u00bcr die erweiterte Zahlungsverwaltung","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3260667"},{"Id":"3260708","SAP_Component":"EPM-BFC-TCL-ADM-SEC","Title":"[CVE-2022-41258] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-11-08","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3260708"},{"Id":"3262544","SAP_Component":"BC-JAS-WEB","Title":"[CVE-2022-41262] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS for Java (Http Provider Service)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-07","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3262544"},{"Id":"3262810","SAP_Component":"BI-RA-AWB","Title":"[CVE-2023-0022] Code-Injection-Schwachstelle in SAP-BusinessObjects-Business-Intelligence-Plattform (Analysis, Edition f\u00c3\u00bcr OLAP)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-01-10","First_released_on":"2023-01-10","Link":"https:\/\/me.sap.com\/notes\/3262810"},{"Id":"3263135","SAP_Component":"BI-BIP-INV","Title":"[CVE-2023-0020] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3263135"},{"Id":"3263436","SAP_Component":"CA-VE-VEA","Title":"[CVE-2022-41211] Schwachstelle bez\u00c3\u00bcglich Ausf\u00c3\u00bchrung von beliebigem Code in SAP 3D Visual Enterprise Author und SAP 3D Visual Enterprise Viewer","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2022-11-08","First_released_on":"2022-11-08","Link":"https:\/\/me.sap.com\/notes\/3263436"},{"Id":"3263863","SAP_Component":"BI-RA-WBI-FE","Title":"[CVE-2023-23856] Cross-Site-Scripting-Schwachstelle in Web-Intelligence-Schnittstelle","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3263863"},{"Id":"3265173","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"[CVE-2022-41261] Ungeeignete Zugriffskontrolle in SAP Solution Manager (Diagnostics-Agent)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3265173"},{"Id":"3265846","SAP_Component":"SV-SMG-SVD-SWB","Title":"[CVE-2023-0024] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Solution Manager (BSP-Applikation)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3265846"},{"Id":"3266006","SAP_Component":"BI-RA-CR","Title":"[CVE-2023-0018] Cross-Site-Scripting-Schwachstelle (XSS) in SAP-BusinessObjects-Business-Intelligence-Plattform (Central Management Console)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-01-10","First_released_on":"2023-01-10","Link":"https:\/\/me.sap.com\/notes\/3266006"},{"Id":"3266751","SAP_Component":"SV-SMG-MON-SYS","Title":"[CVE-2023-23852] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Solution Manager 7.2","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3266751"},{"Id":"3266846","SAP_Component":"EPM-DSM-GEN","Title":"[CVE-2022-41274] Missing Authorization Checks in SAP Disclosure Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3266846"},{"Id":"3267442","SAP_Component":"SV-SMG-SVD-SWB","Title":"[CVE-2023-0025] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Solution Manager (BSP-Applikation)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3267442"},{"Id":"3267780","SAP_Component":"BC-XI-CON-MSG","Title":"[CVE-2022-41271] Falsche Zugriffskontrolle in SAP NetWeaver AS Java (Messaging-System)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:L\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-12-23","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3267780"},{"Id":"3268093","SAP_Component":"BC-MID-CON-JCO","Title":"[CVE-2023-0017] Falsche Zugriffskontrolle in SAP NetWeaver AS for Java","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-01-10","First_released_on":"2023-01-10","Link":"https:\/\/me.sap.com\/notes\/3268093"},{"Id":"3268172","SAP_Component":"BC-DB-HDB-POR","Title":"[CVE-2022-41264] Code-Injection-Schwachstelle in SAP BASIS","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-01-24","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3268172"},{"Id":"3268959","SAP_Component":"BC-MID-AC","Title":"[Mehrere CVEs] Mehrere Schwachstellen in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3268959"},{"Id":"3269118","SAP_Component":"BC-BSP","Title":"[CVE-2023-24522] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (BSP-Framework)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3269118"},{"Id":"3269151","SAP_Component":"BC-BSP","Title":"[CVE-2023-24521] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (BSP-Framework)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3269151"},{"Id":"3269352","SAP_Component":"CA-WUI-UI","Title":"[CVE-2023-29189] HTTP-Verb-Tampering-Schwachstelle in SAP CRM (WebClient UI)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3269352"},{"Id":"3270399","SAP_Component":"SRM-ESO-SEC","Title":"[CVE-2022-41273] URL-Umleitungsschwachstelle in SAP Sourcing und SAP Contract Lifecycle Management","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3270399"},{"Id":"3270509","SAP_Component":"SV-SMG-OP","Title":"[CVE-2023-23855] Schwachstelle mit Blick auf URL-Umleitung in SAP Solution Manager","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3270509"},{"Id":"3271091","SAP_Component":"EPM-BPC-NW","Title":"[CVE-2022-41268] Schwachstelle im Hinblick auf Berechtigungseskalation in SAP Business Planning and Consolidation","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3271091"},{"Id":"3271227","SAP_Component":"BC-MID-ICF","Title":"[CVE-2023-23853] URL-Umleitungsschwachstelle in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3271227"},{"Id":"3271313","SAP_Component":"BC-EIM-ESH","Title":"[CVE-2022-41275] Offener Redirect in SAP Solutions Manager (Enterprise Search)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2022-12-13","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3271313"},{"Id":"3271523","SAP_Component":"CEC-COM-CPS-COR","Title":"Schwachstelle bez\u00c3\u00bcglich der Remote-Ausf\u00c3\u00bchrung von Code in Verbindung mit Apache Commons Text in SAP Commerce","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2022-12-13","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3271523"},{"Id":"3273480","SAP_Component":"BC-XI-CON-UDS","Title":"[CVE-2022-41272] Falsche Zugriffskontrolle in SAP NetWeaver AS Java (benutzerdefinierte Suche)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-09-12","First_released_on":"2022-12-13","Link":"https:\/\/me.sap.com\/notes\/3273480"},{"Id":"3274585","SAP_Component":"BC-BSP","Title":"[CVE-2023-25614] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (BSP-Framework)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-28","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3274585"},{"Id":"3274920","SAP_Component":"BC-CCM-PRN-PC","Title":"[CVE-2023-0021] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3274920"},{"Id":"3275391","SAP_Component":"EPM-BPC-MS","Title":"[CVE-2023-0016] SQL Injection vulnerability in SAP Business Planning and Consolidation MS","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-01-10","First_released_on":"2023-01-10","Link":"https:\/\/me.sap.com\/notes\/3275391"},{"Id":"3275458","SAP_Component":"BC-FES-WGU","Title":"[CVE-2023-27499] Cross-Site-Scripting-Schwachstelle (XSS) in SAP GUI for HTML","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3275458"},{"Id":"3275727","SAP_Component":"BC-CCM-MON-OS","Title":"[CVE-2023-27498] Speicherbesch\u00c3\u00a4digungsschwachstelle in SAPOSCOL","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3275727"},{"Id":"3275841","SAP_Component":"EPM-BPC-NW-INF","Title":"[CVE-2023-23851] Unrestricted File Upload in SAP Business Planning and Consolidation","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3275841"},{"Id":"3276120","SAP_Component":"BC-CCM-HAG","Title":"[CVE-2023-0012] Lokale Berechtigungseskalation im SAP Host Agent (Windows)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-01-10","First_released_on":"2023-01-10","Link":"https:\/\/me.sap.com\/notes\/3276120"},{"Id":"3281484","SAP_Component":"BC-SRV-KPR-CS","Title":"[CVE-2023-26457] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Content Server","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3281484"},{"Id":"3281724","SAP_Component":"GRC-SPC-AC","Title":"[CVE-2023-0019] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP GRC (Process Control)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3281724"},{"Id":"3282663","SAP_Component":"CA-GTF-PCF","Title":"[CVE-2023-24529] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (Business-Server-Pages-Applikation)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3282663"},{"Id":"3283283","SAP_Component":"BC-ABA-LA","Title":"[CVE-2023-0013] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-01-24","First_released_on":"2023-01-10","Link":"https:\/\/me.sap.com\/notes\/3283283"},{"Id":"3283438","SAP_Component":"BI-BIP-SRV","Title":"[CVE-2023-25617] Schwachstelle bez\u00c3\u00bcglich BS-Befehlsausf\u00c3\u00bchrung in der SAP-BusinessObjects-Business-Intelligence-Plattform (Adaptive Job Server)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3283438"},{"Id":"3284550","SAP_Component":"EP-PIN-PSL","Title":"[CVE-2023-26461] Schwachstelle bez\u00c3\u00bcglich externer XML-Entit\u00c3\u00a4t (XXE) in SAP NetWeaver (SAP Enterprise Portal)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3284550"},{"Id":"3285757","SAP_Component":"BC-CCM-HAG","Title":"[CVE-2023-24523] Berechtigungseskalationsschwachstelle in SAP Host Agent (Start Service)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3285757"},{"Id":"3287120","SAP_Component":"BI-BIP-INV","Title":"[Mehrere CVEs] Mehrere Schwachstellen in der SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3287120"},{"Id":"3287291","SAP_Component":"BC-DWB-TOO-ABA","Title":"[CVE-2023-23854] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3287291"},{"Id":"3287784","SAP_Component":"BC-JAS-DPL","Title":"[CVE-2023-24527] Falsche Zugriffskontrolle in SAP NetWeaver AS Java f\u00c3\u00bcr Deploy Service","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3287784"},{"Id":"3288096","SAP_Component":"BC-JAS-COR-CSH","Title":"[CVE-2023-26460] Falsche Zugriffskontrolle in SAP NetWeaver AS Java (Cache Management Service)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3288096"},{"Id":"3288394","SAP_Component":"BC-JAS-COR","Title":"[CVE-2023-24526] Falsche Zugriffskontrolle in SAP NetWeaver AS Java (Classload-Service)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3288394"},{"Id":"3288480","SAP_Component":"BC-JAS-COR-SES","Title":"[CVE-2023-27268] Falsche Zugriffskontrolle in SAP NetWeaver AS Java (Objektanalyseservice)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3288480"},{"Id":"3289844","SAP_Component":"BC-DWB-TOO-TDF","Title":"[CVE-2023-25615] SQL-Injection-Schwachstelle in SAP-ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3289844"},{"Id":"3289994","SAP_Component":"EP-PIN-PRT","Title":"[CVE-2023-28761] Fehlende Authentifizierungspr\u00c3\u00bcfung in SAP NetWeaver Enterprise Portal","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3289994"},{"Id":"3290901","SAP_Component":"FI-TV-ODT-MTR","Title":"[CVE-2023-24528] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Fiori apps for travel management in SAP ERP (\"Meine Reiseantr\u00c3\u00a4ge\")","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-28","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3290901"},{"Id":"3293786","SAP_Component":"BC-ABA-LA","Title":"[CVE-2023-23858] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-02-14","First_released_on":"2023-02-14","Link":"https:\/\/me.sap.com\/notes\/3293786"},{"Id":"3294595","SAP_Component":"BC-CCM-PRN","Title":"[CVE-2023-27269] Directory Traversal in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:N\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-04-11","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3294595"},{"Id":"3294954","SAP_Component":"BC-CTS-TMS","Title":"[CVE-2023-27501] Directory Traversal in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:N\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3294954"},{"Id":"3296328","SAP_Component":"BC-MID-ICF","Title":"[CVE-2023-27270] Denial-of-Service (DoS) in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3296328"},{"Id":"3296346","SAP_Component":"BC-MID-ICF","Title":"[CVE-2023-26459] Mehrere Schwachstellen bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3296346"},{"Id":"3296378","SAP_Component":"BC-MID-AC","Title":"[CVE-2023-28763] Denial-of-Service (DoS) in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3296378"},{"Id":"3296476","SAP_Component":"SV-SMG-SDD","Title":"[CVE-2023-27893] Ausf\u00c3\u00bchrung von beliebigem Code in SAP Solution Manager und verwalteten ABAP-Systemen (ST-PI)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3296476"},{"Id":"3298961","SAP_Component":"BI-BIP-LCM","Title":"[CVE-2023-28765] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen auf SAP-BusinessObjects-Business-Intelligence-Plattform (Promotion-Management)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3298961"},{"Id":"3300624","SAP_Component":"BC-SYB-PD","Title":"[CVE-2023-32111] Speicherbesch\u00c3\u00a4digungsschwachstelle in SAP PowerDesigner (Proxy)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3300624"},{"Id":"3301457","SAP_Component":"PA-FIO-FO","Title":"[CVE-2023-1903] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP-HCM-Fiori-App \"Meine Formulare\" (SAP Fiori 2.0)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3301457"},{"Id":"3301942","SAP_Component":"MFG-PCO-DMC","Title":"[CVE-2023-2827] Fehlende Authentifizierung in SAP Plant Connectivity und Production Connector f\u00c3\u00bcr SAP Digital Manufacturing","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:L\/UI:N\/S:C\/C:L\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-05-23","First_released_on":"2023-05-23","Link":"https:\/\/me.sap.com\/notes\/3301942"},{"Id":"3302162","SAP_Component":"BC-DOC-RIT","Title":"[CVE-2023-27500] Directory Traversal in SAP NetWeaver AS f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:N\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3302162"},{"Id":"3302595","SAP_Component":"BI-BIP-IDT","Title":"[CVE-2023-28764] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3302595"},{"Id":"3302710","SAP_Component":"BC-IAM-SSO-OTP","Title":"[CVE-2023-27895] Offenlegung von Informationen in SAP Authenticator f\u00c3\u00bcr Android","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-03-14","First_released_on":"2023-03-14","Link":"https:\/\/me.sap.com\/notes\/3302710"},{"Id":"3303060","SAP_Component":"BC-BSP","Title":"[CVE-2023-29185] Denial-of-Service (DoS) in SAP NetWeaver AS f\u00c3\u00bcr ABAP (Business Server Pages)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3303060"},{"Id":"3305369","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"[CVE-2023-27497] Mehrere Schwachstellen im SAP-Diagnostics-Agent (OSCommand Bridge und EventLogServiceCollector)","CVSS_Score":"10.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3305369"},{"Id":"3305907","SAP_Component":"BW-BCT-GEN","Title":"[CVE-2023-29186] Directory-Traversal-Schwachstelle in SAP NetWeaver (BI_CONT-ADD-ON)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:N\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3305907"},{"Id":"3307833","SAP_Component":"BI-BIP-SRV","Title":"[CVE-2023-28762] Schwachstellen bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3307833"},{"Id":"3309056","SAP_Component":"CRM-BF","Title":"[CVE-2023-27897] Code-Injection-Schwachstelle in SAP CRM","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3309056"},{"Id":"3309935","SAP_Component":"BI-BIP-INV","Title":"[CVE-2023-30741] Cross-Site-Scripting-Schwachstelle (XSS) in der SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3309935"},{"Id":"3311624","SAP_Component":"BC-FES-INS","Title":"[CVE-2023-29187] DLL-Hijacking-Schwachstelle in SapSetup (Softwareinstallationsprogramm)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3311624"},{"Id":"3312047","SAP_Component":"BI-BIP-CMC","Title":"Denial-of-Service-Schwachstelle (DoS) aufgrund der Verwendung einer anf\u00c3\u00a4lligen Version von Commons FileUpload in SAP-BusinessObjects-Business-Intelligence-Plattform (CMC)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3312047"},{"Id":"3312586","SAP_Component":"BI-RA-WBI","Title":"[CVE-2023-39440] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:L\/UI:R\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3312586"},{"Id":"3312733","SAP_Component":"BC-VCM-LVM","Title":"[CVE-2023-26458] Schwachstelle in SAP Landscape Management bez\u00c3\u00bcglich der Offenlegung von Informationen","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3312733"},{"Id":"3312892","SAP_Component":"EPM-BPC-NW-DOC","Title":"[CVE-2023-31407] Cross-Site Scripting (XSS) vulnerability in SAP Business Planning and Consolidation","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3312892"},{"Id":"3313484","SAP_Component":"BI-BIP-INV","Title":"[CVE-2023-30740] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3313484"},{"Id":"3315312","SAP_Component":"BC-CST-IC","Title":"[CVE-2023-29108] IP-Filterschwachstelle in ABAP-Plattform und SAP Web Dispatcher","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Beratung","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3315312"},{"Id":"3315971","SAP_Component":"CA-WUI-UI-TAG","Title":"[CVE-2023-30742] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM (WebClient UI)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3315971"},{"Id":"3315979","SAP_Component":"CA-WUI-CON","Title":"[CVE-2023-29188] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM WebClient UI","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3315979"},{"Id":"3316509","SAP_Component":"CEC-COM-CPS-COR","Title":"Schwachstelle bez\u00c3\u00bcglich Remote-Ausf\u00c3\u00bchrung von Code in SAP Commerce","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-04-11","First_released_on":"2023-04-11","Link":"https:\/\/me.sap.com\/notes\/3316509"},{"Id":"3317453","SAP_Component":"BC-JAS-EJB","Title":"[CVE-2023-30744] Falsche Zugriffskontrolle beim Anwendungsstart in SAP AS NetWeaver JAVA","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3317453"},{"Id":"3317702","SAP_Component":"BI-BIP-INS","Title":"[CVE-2023-40623] Beliebige Dateil\u00c3\u00b6schung \u00c3\u00bcber Verzeichnisverkn\u00c3\u00bcpfung in SAP BusinessObjects Suite (Installationsprogramm)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:L\/UI:R\/S:C\/C:N\/I:L\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3317702"},{"Id":"3317710","SAP_Component":"BI-BIP-INS","Title":"[CVE-2023-37490] Bin\u00c3\u00a4rer Hijacking-Angriff in SAP BusinessObjects Business Intelligence Suite (Installationsprogramm)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3317710"},{"Id":"3318657","SAP_Component":"BC-CTS-DTR","Title":"[CVE-2023-33984] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver (Design Time Repository)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2023-06-13","Link":"https:\/\/me.sap.com\/notes\/3318657"},{"Id":"3318850","SAP_Component":"BC-MID-RFC","Title":"[CVE-2023-35874] Falsche Zugriffskontrolle in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3318850"},{"Id":"3319400","SAP_Component":"BI-BIP-INV","Title":"[CVE-2023-31406] Cross-Site-Scripting-Schwachstelle (XSS) in der SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3319400"},{"Id":"3320145","SAP_Component":"CEC-COM-CPS-OTH","Title":"Denial-of-Service-Schwachstelle (DoS) in SAP Commerce","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3320145"},{"Id":"3320355","SAP_Component":"BI-BIP-LCM","Title":"[CVE-2023-40622] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen auf SAP-BusinessObjects-Business-Intelligence-Plattform (Promotion-Verwaltung)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3320355"},{"Id":"3320467","SAP_Component":"BC-FES-GUI","Title":"[CVE-2023-32113] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP GUI for Windows","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:H\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3320467"},{"Id":"3320702","SAP_Component":"BI-BIP-SRV","Title":"[CVE-2023-36917] Umgehung der Kennwort\u00c3\u00a4nderungsratenbegrenzung in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3320702"},{"Id":"3321309","SAP_Component":"CEC-COM-CPS-OTH","Title":"Information Disclosure vulnerability in SAP Commerce (Backoffice)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3321309"},{"Id":"3322800","SAP_Component":"CA-WUI-UI-TAG","Title":"Aktualisierung 1 zum Sicherheitshinweis 3315971 - [CVE-2023-30742] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM (WebClient UI)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2023-06-13","Link":"https:\/\/me.sap.com\/notes\/3322800"},{"Id":"3323163","SAP_Component":"BC-WD-UR","Title":"[CVE-2023-40624] Code-Injection-Schwachstelle in SAP NetWeaver AS ABAP (Anwendungen, die auf Unified Rendering basieren)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3323163"},{"Id":"3323415","SAP_Component":"SCM-IBP-XLS","Title":"[CVE-2023-29080] Schwachstelle im Hinblick auf Berechtigungseskalation in SAP IBP, Add-in f\u00c3\u00bcr Microsoft Excel","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3323415"},{"Id":"3324285","SAP_Component":"CA-UI5-COR","Title":"[CVE-2023-33991] - Stored-Cross-Site-Scripting-Schwachstelle in SAP UI5 (Variantenverwaltung)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-06-27","First_released_on":"2023-06-13","Link":"https:\/\/me.sap.com\/notes\/3324285"},{"Id":"3324732","SAP_Component":"BC-JAS-SEC","Title":"[CVE-2023-31405] Log-Injection-Schwachstelle in SAP NetWeaver AS f\u00c3\u00bcr Java (Log Viewer)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-01-09","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3324732"},{"Id":"3325642","SAP_Component":"BC-CTS-TMS-CTR","Title":"[CVE-2023-32114] Denial-of-Service in SAP NetWeaver (Change and Transport System)","CVSS_Score":"2.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2023-06-13","Link":"https:\/\/me.sap.com\/notes\/3325642"},{"Id":"3326210","SAP_Component":"CA-UI5-CTR-BAL","Title":"[CVE-2023-30743] - unzul\u00c3\u00a4ssige Neutralisierung von Eingaben in SAPUI5","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3326210"},{"Id":"3326361","SAP_Component":"MM-FIO-PUR-SQ-CON","Title":"[CVE-2023-40625] Fehlende Berechtigungspr\u00c3\u00bcfung in App \"Einkaufskontrakte verwalten\"","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3326361"},{"Id":"3326769","SAP_Component":"KM-SEN-MGR","Title":"[Mehrere CVEs] Mehrere Sicherheitsschwachstellen in SAP Enable Now","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3326769"},{"Id":"3327896","SAP_Component":"BC-IAM-SSO-CCL","Title":"[CVE-2023-40308] Speicherbesch\u00c3\u00a4digungsschwachstelle in SAP CommonCryptoLib","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3327896"},{"Id":"3328495","SAP_Component":"CA-VE","Title":"Multiple vulnerabilities associated with Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-05-09","First_released_on":"2023-05-09","Link":"https:\/\/me.sap.com\/notes\/3328495"},{"Id":"3331029","SAP_Component":"BC-SYB-SQA-SRV","Title":"[CVE-2023-33990] Denial-of-Service-Schwachstelle (DoS) in SAP SQL Anywhere","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3331029"},{"Id":"3331376","SAP_Component":"BW-BCT-GEN","Title":"[CVE-2023-33989] Directory-Traversal-Schwachstelle in SAP NetWeaver (BI_CONT-ADD-ON)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:N\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-07-14","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3331376"},{"Id":"3331627","SAP_Component":"EP-PIN-NAV","Title":"[CVE-2023-33985] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver (Enterprise Portal)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-06-13","First_released_on":"2023-06-13","Link":"https:\/\/me.sap.com\/notes\/3331627"},{"Id":"3333426","SAP_Component":"BC-JAS-ADM-MON","Title":"[CVE-2023-42477] Serverseitige Request-Forgery in SAP NetWeaver AS Java (GRMG-Heartbeat-Anwendung)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-10-26","First_released_on":"2023-10-10","Link":"https:\/\/me.sap.com\/notes\/3333426"},{"Id":"3333616","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2023-37487] Sicherheitsschwachstelle in SAP Business One (Service-Schicht) aufgrund einer Fehlkonfiguration","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3333616"},{"Id":"3337797","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2023-33993] SQL-Injection-Schwachstelle in SAP Business One (B1i-Schicht)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3337797"},{"Id":"3338380","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2023-41365] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Business One (B1i)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-10-10","First_released_on":"2023-10-10","Link":"https:\/\/me.sap.com\/notes\/3338380"},{"Id":"3340576","SAP_Component":"BC-IAM-SSO-CCL","Title":"[CVE-2023-40309] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP CommonCryptoLib","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-10-24","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3340576"},{"Id":"3340735","SAP_Component":"BC-CST-WDP","Title":"[CVE-2023-35871] Speicherbesch\u00c3\u00a4digungsschwachstelle in SAP Web Dispatcher","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3340735"},{"Id":"3341211","SAP_Component":"FI-FIO-GL-TRA","Title":"[CVE-2023-35870] Unzul\u00c3\u00a4ssige Zugriffskontrolle in SAP S\/4HANA (\"Buchungsbelegvorlage verwalten\")","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3341211"},{"Id":"3341460","SAP_Component":"BC-SYB-PD","Title":"[CVE-2023-37483] Mehrere Schwachstellen in SAP PowerDesigner","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3341460"},{"Id":"3341599","SAP_Component":"BC-SYB-PD","Title":"[CVE-2023-36923] Code-Injection-Schwachstelle in SAP PowerDesigner","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3341599"},{"Id":"3341934","SAP_Component":"CEC-SCC-COM-BC-OCC","Title":"[CVE-2023-37486] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP Commerce (OCC-API)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3341934"},{"Id":"3343547","SAP_Component":"BC-XI-IS-WKB","Title":"[CVE-2023-35873] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver Process Integration (Runtime Workbench)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3343547"},{"Id":"3343564","SAP_Component":"BC-XI-IS-WKB","Title":"[CVE-2023-35872] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver Process Integration (Message Display Tool)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3343564"},{"Id":"3344295","SAP_Component":"BC-CST-MS","Title":"[CVE-2023-37491] Schwachstelle aufgrund falscher Berechtigungspr\u00c3\u00bcfung in SAP Message Server","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3344295"},{"Id":"3346500","SAP_Component":"CEC-SCC-PLA-PL","Title":"[CVE-2023-39439] Improper authentication in SAP Commerce Cloud","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-03-12","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3346500"},{"Id":"3348000","SAP_Component":"BC-CCM-CNF-PFL","Title":"[CVE-2023-37492] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3348000"},{"Id":"3348142","SAP_Component":"BC-GP","Title":"[CVE-2023-41367] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP NetWeaver (Guided Procedures)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3348142"},{"Id":"3348145","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"[CVE-2023-36921] Header-Injection in SAP Solution Manager (Diagnostics-Agent)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3348145"},{"Id":"3349468","SAP_Component":"BC-SYB-REP","Title":"[CVE-2024-33008] Speicherbesch\u00c3\u00a4digungsschwachstelle in SAP Replication Server","CVSS_Score":"4.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3349468"},{"Id":"3349805","SAP_Component":"FS-QUO","Title":"Denial-of-Service-Schwachstelle (DOS) aufgrund der Verwendung einer anf\u00c3\u00a4lligen Version von Commons FileUpload in SAP Quotation Management Insurance (FS-QUO)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3349805"},{"Id":"3350297","SAP_Component":"IS-OIL-DS-HPM","Title":"[CVE-2023-36922] BS-Befehl-Injection-Schwachstelle in SAP ECC und SAP S\/4HANA (IS-OIL)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-12-12","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3350297"},{"Id":"3350494","SAP_Component":"BC-XI-IBF-WU","Title":"[CVE-2023-37488] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Process Integration","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3350494"},{"Id":"3351410","SAP_Component":"IS-DFS-BIT-DIS","Title":"[CVE-2023-36924] Protokoll-Injection-Schwachstelle in SAP ERP Defense Forces and Public Security","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3351410"},{"Id":"3352058","SAP_Component":"SV-SMG-DIA-SRV-AGT","Title":"[CVE-2023-36925] Nicht authentifizierter blinder SSRF in SAP Solution Manager (Diagnostics-Agent)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-07-11","First_released_on":"2023-07-11","Link":"https:\/\/me.sap.com\/notes\/3352058"},{"Id":"3352453","SAP_Component":"BI-BIP-LCM","Title":"[CVE-2023-37489] Schwachstelle mit Blick auf Offenlegung von Informationen auf SAP-BusinessObjects-Business-Intelligence-Plattform (Versionsverwaltungssystem)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3352453"},{"Id":"3355658","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2023-31403] Schwachstelle mit nicht ordnungsgem\u00c3\u00a4\u00c3\u0178er Zugriffskontrolle bei SAP-Business-One-Produktinstallation","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-11-14","First_released_on":"2023-11-14","Link":"https:\/\/me.sap.com\/notes\/3355658"},{"Id":"3355675","SAP_Component":"FI-FIO-AP-CHK","Title":"[CVE-2023-41368] IDOR-Schwachstelle (unsichere direkte Objektreferenz) in SAP S\/4HANA (Anwendung \"Scheckhefte verwalten\")","CVSS_Score":"2.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3355675"},{"Id":"3357154","SAP_Component":"BC-SYB-PD","Title":"[CVE-2023-40310] Schwachstelle mit Blick auf fehlende XML-Validierung im BPMN2-Import von SAP PowerDesigner Client","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-10-10","First_released_on":"2023-10-10","Link":"https:\/\/me.sap.com\/notes\/3357154"},{"Id":"3357163","SAP_Component":"BC-SYB-PD","Title":"[CVE-2023-40621] Code-Injection-Schwachstelle in SAP-PowerDesigner-Client","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3357163"},{"Id":"3358300","SAP_Component":"SBO-CRO-SEC","Title":"[CVE-2023-39437] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Business One","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:H\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3358300"},{"Id":"3358328","SAP_Component":"BC-CCM-HAG","Title":"[CVE-2023-36926] Schwachstelle bei Offenlegung von Informationen in SAP Host-Agent","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Beratung","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-08-08","First_released_on":"2023-08-08","Link":"https:\/\/me.sap.com\/notes\/3358328"},{"Id":"3359778","SAP_Component":"BC-CST-DP","Title":"[CVE-2024-30218] Denial-of-Service-Schwachstelle (DoS) in SAP NetWeaver AS ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3359778"},{"Id":"3360827","SAP_Component":"BC-FES-ITS","Title":"[CVE-2024-24740] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver Application Server ABAP (SAP-Kernel)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3360827"},{"Id":"3362463","SAP_Component":"BC-MID-SCC","Title":"[CVE-2023-49578] Denial-of-Service (DoS) in SAP Cloud Connector","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3362463"},{"Id":"3362849","SAP_Component":"BC-CST-IC","Title":"[CVE-2023-41366] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver Application Server ABAP und ABAP-Plattform","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-11-14","First_released_on":"2023-11-14","Link":"https:\/\/me.sap.com\/notes\/3362849"},{"Id":"3363690","SAP_Component":"CA-MDG-ML","Title":"[CVE-2023-49058] Directory-Traversal-Schwachstelle in SAP Master Data Governance","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2024-01-31","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3363690"},{"Id":"3366410","SAP_Component":"BC-JAS-SEC","Title":"[CVE-2023-42480] Offenlegung von Informationen in SAP NetWeaver AS Java Logon","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-11-14","First_released_on":"2023-11-14","Link":"https:\/\/me.sap.com\/notes\/3366410"},{"Id":"3369353","SAP_Component":"BI-RA-WBI-FE","Title":"[CVE-2023-42476] Cross-Site-Scripting-Schwachstelle in SAP BusinessObjects Web Intelligence","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3369353"},{"Id":"3369680","SAP_Component":"FI-FIO-AP","Title":"[CVE-2023-41369] External-Entity-Loop-Schwachstelle in SAP S\/4HANA (Anwendung \"Einzelzahlung anlegen\")","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3369680"},{"Id":"3370490","SAP_Component":"BI-RA-WBI-FE","Title":"[CVE-2023-42472] Schwachstelle mit Blick auf unzureichende Dateityp-Validierung in SAP-BusinessObjects-Business-Intelligence-Plattform (Web-Intelligence-HTML-Schnittstelle)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-09-12","First_released_on":"2023-09-12","Link":"https:\/\/me.sap.com\/notes\/3370490"},{"Id":"3371873","SAP_Component":"BC-JAS-SEC","Title":"Aktualisierung 1 zu Sicherheitshinweis 3324732: [CVE-2023-31405] Log-Injection-Schwachstelle in SAP NetWeaver AS f\u00c3\u00bcr Java (Log Viewer)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-10-10","First_released_on":"2023-10-10","Link":"https:\/\/me.sap.com\/notes\/3371873"},{"Id":"3372991","SAP_Component":"BI-RA-WBI-FE","Title":"[CVE-2023-42474] Cross-Site-Scripting-Schwachstelle (XSS) in SAP BusinessObjects Web Intelligence","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-10-10","First_released_on":"2023-10-10","Link":"https:\/\/me.sap.com\/notes\/3372991"},{"Id":"3377979","SAP_Component":"BC-FES-WGU","Title":"[CVE-2024-27902] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver AS ABAP (auf SAP GUI for HTML (Web Gui) basierende Anwendungen)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3377979"},{"Id":"3382353","SAP_Component":"BI-BIP-ADM","Title":"[CVE-2023-42478] Cross-Site-Scripting-Schwachstelle in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:L\/I:H\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3382353"},{"Id":"3383321","SAP_Component":"FIN-FSCM-BD","Title":"[CVE-2023-42479] Cross-Site-Scripting-(XSS)-Schwachstelle in SAP Biller Direct","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3383321"},{"Id":"3385711","SAP_Component":"BC-FES-WGU","Title":"[CVE-2023-49580] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver Application Server ABAP","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3385711"},{"Id":"3386378","SAP_Component":"BC-FES-CTL","Title":"[CVE-2024-22125] Schwachstelle mit Blick auf Offenlegung von Informationen in Microsoft-Edge-Browsererweiterung (SAP GUI Connector f\u00c3\u00bcr Microsoft Edge)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3386378"},{"Id":"3387737","SAP_Component":"BC-SRV-COM","Title":"[CVE-2024-21738] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Application Server ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3387737"},{"Id":"3389917","SAP_Component":"BC-CST-IC","Title":"[CVE-2023-44487] Denial-of-Service (DOS) in SAP Web Dispatcher, SAP NetWeaver Application Server ABAP und ABAP-Plattform","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3389917"},{"Id":"3392049","SAP_Component":"FIN-FSCM-CLM-BAM","Title":"[CVE-2024-33000] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Bank Account Management","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2024-06-11","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3392049"},{"Id":"3392547","SAP_Component":"BC-CCM-MON-ORA","Title":"[CVE-2023-49581] SQL-Injection-Schwachstelle in SAP NetWeaver Application Server ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3392547"},{"Id":"3392626","SAP_Component":"BC-CST-IC","Title":"[CVE-2024-22124] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP NetWeaver Internet Communication Manager","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3392626"},{"Id":"3394567","SAP_Component":"CEC-COM-CPS","Title":"[CVE-2023-42481] Schwachstelle bez\u00c3\u00bcglich ungeeigneter Zugriffskontrollen in SAP Commerce Cloud","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3394567"},{"Id":"3395306","SAP_Component":"SV-SMG-IMP","Title":"[CVE-2023-49587] Command-Injection-Schwachstelle in SAP Solution Manager","CVSS_Score":"6.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3395306"},{"Id":"3396109","SAP_Component":"BC-FES-BUS","Title":"[CVE-2024-22128] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Business Client for HTML","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3396109"},{"Id":"3399691","SAP_Component":"IS-OIL-DS-HPM","Title":"Update 1 zu 3350297 - [CVE-2023-36922] BS-Befehl-Injection-Schwachstelle in SAP ECC und SAP S\/4HANA (IS-OIL)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3399691"},{"Id":"3404025","SAP_Component":"KM-SEN-CMP","Title":"[CVE-2024-22129] Cross-Site-Scripting-Schwachstelle (XSS) in SAP Companion","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3404025"},{"Id":"3406244","SAP_Component":"CEC-EMA","Title":"[CVE-2023-6542] Missing Authorization Check in SAP EMARSYS SDK ANDROID","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3406244"},{"Id":"3406786","SAP_Component":"CA-FLP-ABA","Title":"[CVE-2023-49584] Client-seitige Desynchronisationsschwachstelle in SAP Fiori Launchpad","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2023-12-12","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3406786"},{"Id":"3407617","SAP_Component":"CA-LT-SLT","Title":"[CVE-2024-21735] Improper Authorization check in SAP LT Replication Server","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.1\/AV:A\/AC:H\/PR:H\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3407617"},{"Id":"3410615","SAP_Component":"HAN-AS-XS","Title":"[CVE-2023-44487 ] Denial-of-Service (DOS) in SAP HANA XS Classic und HANA XS Advanced","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3410615"},{"Id":"3410875","SAP_Component":"CA-WUI-UI","Title":"[CVE-2024-22130] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM (WebClient UI)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3410875"},{"Id":"3411067","SAP_Component":"BC-CP-CF-SEC-LIB","Title":"[Mehrere CVEs] Rechteausweitung in SAP Business Technology Platform (BTP) Security Services Integration Libraries","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"HotNews","Released_On":"2023-12-13","First_released_on":"2023-12-12","Link":"https:\/\/me.sap.com\/notes\/3411067"},{"Id":"3411869","SAP_Component":"BC-SRV-AIF","Title":"[CVE-2024-21737] Code-Injection-Schwachstelle in SAP Application Interface Framework (Datei-Adapter)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3411869"},{"Id":"3412456","SAP_Component":"CA-BAS-S8D","Title":"[CVE-2023-49583] Escalation of Privileges in applications developed through SAP Business Application Studio, SAP Web IDE Full-Stack and SAP Web IDE for SAP HANA","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"HotNews","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3412456"},{"Id":"3413475","SAP_Component":"BC-CP-IS-EDG-DPL","Title":"[Mehrere CVEs] Rechteausweitung in SAP Edge Integration Cell","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"HotNews","Released_On":"2024-01-09","First_released_on":"2024-01-09","Link":"https:\/\/me.sap.com\/notes\/3413475"},{"Id":"3414195","SAP_Component":"BI-BIP-CMC","Title":"[CVE-2023-50164] Pfad-Traversal-Schwachstelle auf SAP-BusinessObjects-Business-Intelligence-Plattform (Central Management Console)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3414195"},{"Id":"3417399","SAP_Component":"PA-FIO-LEA","Title":"[CVE-2024-22133] Ungeeignete Zugriffskontrolle in SAP-Fiori-Frontend-Server","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3417399"},{"Id":"3417627","SAP_Component":"BC-JAS-SEC-UME","Title":"[CVE-2024-22126] Cross-Site-Scripting-Schwachstelle in SAP NetWeaver AS Java (Benutzerverwaltungsanwendung)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3417627"},{"Id":"3419022","SAP_Component":"BC-SRV-APS-APJ","Title":"[CVE-2024-27900] Fehlende Berechtigungspr\u00c3\u00bcfung in der SAP-ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3419022"},{"Id":"3420923","SAP_Component":"CA-SUR","Title":"[CVE-2024-22131] Code-Injection-Schwachstelle in SAP ABA (Anwendungsbasis)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3420923"},{"Id":"3421384","SAP_Component":"BI-RA-WBI","Title":"[CVE-2024-25646] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP BusinessObjects Web Intelligence","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3421384"},{"Id":"3421453","SAP_Component":"BC-MID-BUS","Title":"[Mehrere CVEs] Cross-Site-Scripting-Schwachstellen (XSS) in SAP Business Connector","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3421453"},{"Id":"3421659","SAP_Component":"XX-IDES","Title":"[CVE-2024-22132] Code-Injection-Schwachstelle in SAP-IDES-Systemen","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3421659"},{"Id":"3423268","SAP_Component":"CA-ATP-SUP-2CL","Title":"[CVE-2023-30533] Prototype Pollution in SAP S\/4 HANA (Manage Supply Protection)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-07-23","First_released_on":"2024-07-23","Link":"https:\/\/me.sap.com\/notes\/3423268"},{"Id":"3424610","SAP_Component":"BC-MID-SCC","Title":"[CVE-2024-25642] Falsche Zertifikatsvalidierung in SAP Cloud Connector","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3424610"},{"Id":"3425188","SAP_Component":"BC-ESI-WS-JAV-RT","Title":"[CVE-2024-27898] Serverseitige Request-Forgery in SAP NetWeaver (tc~esi~esp~grmg~wshealthcheck~ear)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3425188"},{"Id":"3425274","SAP_Component":"CA-LCA-ACP","Title":"[CVE-2019-10744] Code-Injection-Schwachstelle in Anwendungen, die mit SAP Build Apps erstellt wurden","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3425274"},{"Id":"3425571","SAP_Component":"BC-GP","Title":"[CVE-2024-28164] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver AS Java (Guided Procedures)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-06-11","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3425571"},{"Id":"3425682","SAP_Component":"BC-ESI-WS-JAV-RT","Title":"[CVE-2024-25644] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver (WSRM)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3425682"},{"Id":"3426111","SAP_Component":"BC-GP","Title":"[CVE-2024-24743] XXE-Schwachstelle in SAP NetWeaver AS Java (Guided Procedures)","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-02-13","First_released_on":"2024-02-13","Link":"https:\/\/me.sap.com\/notes\/3426111"},{"Id":"3427178","SAP_Component":"FIN-FSCM-CLM-BAM","Title":"[CVE-2024-30216] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA (Cash Management)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3427178"},{"Id":"3428847","SAP_Component":"EP-PIN-APF-OPR","Title":"[CVE-2024-25645] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP NetWeaver (Enterprise Portal)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3428847"},{"Id":"3430173","SAP_Component":"FIN-FSCM-CLM-BAM","Title":"[CVE-2024-30217] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA (Cash Management)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3430173"},{"Id":"3431794","SAP_Component":"BI-BIP-INV","Title":"[CVE-2024-28165] Cross-Site-Scripting-Schwachstelle in SAP-BusinessObjects-Business-Intelligence-Plattform","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3431794"},{"Id":"3433192","SAP_Component":"BC-JAS-ADM-LOG","Title":"[CVE-2024-22127] Code-Injection-Schwachstelle in SAP NetWeaver AS Java (Administrator-Log-Viewer-Plug-In)","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3433192"},{"Id":"3434192","SAP_Component":"BC-XI-IBF-UI","Title":"[CVE-2024-28163] Schwachstelle mit Blick auf Offenlegung von Informationen in SAP NetWeaver Process Integration (Support Web Pages)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-03-12","First_released_on":"2024-03-12","Link":"https:\/\/me.sap.com\/notes\/3434192"},{"Id":"3434666","SAP_Component":"FI-FIO-AR-PAY","Title":"[Mehrere CVEs] Fehlende Berechtigungspr\u00c3\u00bcfungen in SAP S\/4HANA (\"Nachbearbeitungsregeln f\u00c3\u00bcr Kontoausz\u00c3\u00bcge verwalten\")","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3434666"},{"Id":"3434839","SAP_Component":"BC-JAS-SEC-UME","Title":"[CVE-2024-27899] Schwachstelle mit Blick auf falsche Sicherheitskonfiguration in SAP NetWeaver AS Java User Management Engine","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3434839"},{"Id":"3438234","SAP_Component":"FI-AA-AA-A","Title":"[CVE-2024-27901] Directory-Traversal-Schwachstelle in SAP-Anlagenbuchhaltung","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3438234"},{"Id":"3441817","SAP_Component":"BI-BIP-PUB","Title":"[CVE-2024-34684] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP-BusinessObjects-Business-Intelligence-Plattform (Scheduling)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:H\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2024-06-11","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3441817"},{"Id":"3441944","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2024-32730] Missing authorization check in SAP Enable Now Manager","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","Category":"Info zum Upgrade","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-23","First_released_on":"2024-04-23","Link":"https:\/\/me.sap.com\/notes\/3441944"},{"Id":"3442378","SAP_Component":"FIN-CS-CDC-DC","Title":"[CVE-2024-28167] Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3442378"},{"Id":"3442741","SAP_Component":"LOD-HCI-PI-OP-NM","Title":"Stack overflow vulnerability on the component images of SAP Integration Suite (EDGE INTEGRATION CELL)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:A\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-04-09","First_released_on":"2024-04-09","Link":"https:\/\/me.sap.com\/notes\/3442741"},{"Id":"3446076","SAP_Component":"CA-UI5-SC","Title":"[CVE-2024-33007] Schwachstelle bei clientseitiger Skriptausf\u00c3\u00bchrung in SAP UI5 (PDFViewer)","CVSS_Score":"3.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3446076"},{"Id":"3447467","SAP_Component":"FI-TV-ODT-MTR","Title":"[CVE-2024-32731] Fehlende Berechtigungspr\u00c3\u00bcfung in \"Meine Reiseantr\u00c3\u00a4ge\"","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3447467"},{"Id":"3448171","SAP_Component":"BC-SRV-KPR-CMS","Title":"[CVE-2024-33006] Datei-Upload-Schwachstelle in SAP NetWeaver Application Server ABAP und ABAP-Plattform","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3448171"},{"Id":"3448445","SAP_Component":"BC-SRV-GBT-GOS","Title":"[CVE-2024-34687] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3448445"},{"Id":"3449093","SAP_Component":"BI-BIP-INV","Title":"[CVE-2024-33004] Unsichere Speicherschwachstelle in SAP-BusinessObjects-Business-Ontelligence-Plattform (Web-Services)","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:P\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3449093"},{"Id":"3450286","SAP_Component":"BC-MID-AC","Title":"[CVE-2024-32733] Cross-Site-Scripting-Schwachstelle (XSS) in SAP NetWeaver Application Server ABAP und ABAP-Plattform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-28","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3450286"},{"Id":"3453170","SAP_Component":"SV-SMG-SDD","Title":"[CVE-2024-33001] Denial-of-Service-Angriff (DOS) in SAP NetWeaver und ABAP-Platfform","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-06-11","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3453170"},{"Id":"3454858","SAP_Component":"BC-SRV-DX-DXW","Title":"[CVE-2024-37180] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3454858"},{"Id":"3455438","SAP_Component":"CEC-SCC-PLA-PL","Title":"[CVE-2019-17495] Mehrere Schwachstellen in SAP CX Commerce","CVSS_Score":"9.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","Category":"Programmfehler","Prio":"HotNews","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3455438"},{"Id":"3456952","SAP_Component":"BC-MID-ICF","Title":"[CVE-2024-39599] Ausfall des Schutzmechanismus in SAP NetWeaver Application Server f\u00c3\u00bcr ABAP und ABAP-Plattform","CVSS_Score":"4.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3456952"},{"Id":"3457265","SAP_Component":"IS-HER-CM-AD","Title":"[CVE-2024-34690] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP Student Lifecycle Management (SLcM)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-06-11","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3457265"},{"Id":"3457354","SAP_Component":"FIN-FSCM-PF-IHB","Title":"[CVE-2024-37172] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA Finance f\u00c3\u00bcr die erweiterte Zahlungsverwaltung","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3457354"},{"Id":"3457592","SAP_Component":"EPM-BFC-TCL","Title":"[CVE-2024-37177] Cross-Site-Scripting-(XSS)-Schwachstellen in SAP Financial Consolidation","CVSS_Score":"8.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-06-11","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3457592"},{"Id":"3458789","SAP_Component":"BC-BMT-WFM","Title":"[CVE-2024-34689] Serverseitige Request Forgery in SAP Business Workflow (WebFlow-Services)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-23","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3458789"},{"Id":"3459379","SAP_Component":"CA-GTF-DOB","Title":"[CVE-2024-34683] Uneingeschr\u00c3\u00a4nkter Datei-Upload in SAP Document Builder (HTTP-Service)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-06-25","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3459379"},{"Id":"3460407","SAP_Component":"BC-DWB-JAV-MMR","Title":"[CVE-2024-34688] Denial-of-Service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-07-25","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3460407"},{"Id":"3460772","SAP_Component":"BC-EIM-ESH","Title":"[CVE-2024-33002] Cross-Site-Scripting-Schwachstelle (XSS) in SAP S\/4HANA (Document Service Handler f\u00c3\u00bcr DPS)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-05-14","First_released_on":"2024-05-14","Link":"https:\/\/me.sap.com\/notes\/3460772"},{"Id":"3461110","SAP_Component":"BC-FES-GUI","Title":"[CVE-2024-39600] Schwachstelle bez\u00c3\u00bcglich der Offenlegung von Informationen in SAP GUI for Windows","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:L\/AC:H\/PR:H\/UI:R\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3461110"},{"Id":"3465129","SAP_Component":"CA-WUI-UI","Title":"[CVE-2024-34686] Cross-Site-Scripting-Schwachstelle (XSS) in SAP CRM (WebClient UI)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-06-11","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3465129"},{"Id":"3465455","SAP_Component":"BW4-DM-TRFN","Title":"[CVE-2024-37176] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP-BW\/4HANA-Transformation und DTP","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:N\/I:L\/A:L","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-23","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3465455"},{"Id":"3466175","SAP_Component":"FI-FIO-AR-PAY","Title":"[CVE-2024-34691] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP S\/4HANA (\"Eingangszahlungsdateien verwalten\")","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:H\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-06-11","First_released_on":"2024-06-11","Link":"https:\/\/me.sap.com\/notes\/3466175"},{"Id":"3466801","SAP_Component":"BC-VCM-LVM","Title":"[CVE-2024-39593] Schwachstelle in SAP Landscape Management bez\u00c3\u00bcglich der Offenlegung von Informationen","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:R\/S:C\/C:H\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-23","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3466801"},{"Id":"3467377","SAP_Component":"CA-WUI-UI","Title":"[Mehrere CVEs] Mehrere Schwachstellen in SAP CRM (WebClient UI)","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3467377"},{"Id":"3468681","SAP_Component":"EP-PIN-WPC-WCM","Title":"[CVE-2024-34685] Cross-Site-Scripting-Schwachstelle (XSS) in XMLEditor von SAP NetWeaver Knowledge Management","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3468681"},{"Id":"3469958","SAP_Component":"TM-CP","Title":"[CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3469958"},{"Id":"3476340","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2024-34692] Uneingeschr\u00c3\u00a4nkte Datei-Upload-Schwachstelle in SAP Enable Now","CVSS_Score":"3.0","CVSS_Vector":"CVSS:\/AV:L\/AC:H\/PR:L\/UI:R\/S:U\/C:L\/I:L\/A:N","Category":"Info zum Upgrade","Prio":"Korrektur mit niedriger Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3476340"},{"Id":"3476348","SAP_Component":"KM-SEN-MGR","Title":"[CVE-2024-39596] Schwachstelle aufgrund fehlender Berechtigungspr\u00c3\u00bcfung in SAP Enable Now","CVSS_Score":"4.0","CVSS_Vector":"CVSS:\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","Category":"Info zum Upgrade","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3476348"},{"Id":"3482217","SAP_Component":"BW-PLA-BPS","Title":"[CVE-2024-39594] Mehrere Cross-Site-Scripting-Schwachstellen (XSS) in SAP Business Warehouse - Business Planning and Simulation","CVSS_Score":"6.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-12","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3482217"},{"Id":"3483344","SAP_Component":"FIN-BA","Title":"[CVE-2024-39592] Fehlende Berechtigungspr\u00c3\u00bcfung in SAP PDCE","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3483344"},{"Id":"3483993","SAP_Component":"BC-BMT-WFM","Title":"[CVE-2024-34689] Voraussetzung f\u00c3\u00bcr Sicherheitshinweis 3458789","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Programmfehler","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3483993"},{"Id":"3485805","SAP_Component":"BC-BMT-WFM","Title":"[CVE-2024-34689] Erlaubtliste von Callback-URLs in SAP Business Workflow (WebFlow-Services)","CVSS_Score":"5.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:L\/I:N\/A:N","Category":"Info zum Upgrade","Prio":"Korrektur mit mittlerer Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3485805"},{"Id":"3490515","SAP_Component":"CEC-SCC-COM-BC-CS","Title":"[CVE-2024-39597] Falsche Berechtigungspr\u00c3\u00bcfungen auf Composable-Storefront-B2B-Sites mit fr\u00c3\u00bcher Anmeldung von SAP Commerce","CVSS_Score":"7.0","CVSS_Vector":"CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:L\/A:N","Category":"Programmfehler","Prio":"Korrektur mit hoher Priorit\u00c3\u00a4t","Released_On":"2024-07-09","First_released_on":"2024-07-09","Link":"https:\/\/me.sap.com\/notes\/3490515"}]}