Every CVE whose affected-product data names Sap S/4hana, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2026-0488 — CVSS 9.9 (critical): An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute…
CVE-2021-38176 — CVSS 8.8 (high): Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed…
CVE-2022-22531 — CVSS 8.1 (high): The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or…
CVE-2022-22530 — CVSS 8.1 (high): The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or…
CVE-2022-22542 — CVSS 6.5 (medium): S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise…
CVE-2022-31589 — CVSS 6.5 (medium): Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more…
CVE-2023-24524 — CVSS 6.5 (medium): SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in…
CVE-2023-40306 — CVSS 6.1 (medium): SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to…
CVE-2020-6184 — CVSS 6.1 (medium): Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51…
CVE-2020-6212 — CVSS 5.4 (medium): Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730…
CVE-2022-31597 — CVSS 5.4 (medium): Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for…
CVE-2020-6185 — CVSS 5.4 (medium): Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51…
CVE-2023-42473 — CVSS 5.4 (medium): S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting…
CVE-2022-32248 — CVSS 5.3 (medium): Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could…
CVE-2020-6214 — CVSS 4.7 (medium): SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected…
CVE-2023-42475 — CVSS 4.3 (medium): The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server…
CVE-2020-6316 — CVSS 4.3 (medium): SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting…