1501 | 9.9 | CRITICAL Network | sap | businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwis… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-40622 | 2024-09-29 07:15 | 2023-09-12
1502 | 9.8 | CRITICAL Network | sap | netweaver_application_server_abap web_dispatcher content_server hana_database host_agent extended_application_services_and_runtime sapssoext commoncryptolib netweaver_applicat… | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depen… | CWE-863 Incorrect Authorization | CVE-2023-40309 | 2024-09-29 07:15 | 2023-09-12
1503 | 8.1 | HIGH Network | sap | contributor_license_agreement_assistant | A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary au… | CWE-862 Missing Authorization | CVE-2023-39438 | 2024-09-29 07:15 | 2023-08-16
1504 | 4.4 | MEDIUM Local | sap | businessobjects_business_intelligence | In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacke… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2023-39440 | 2024-09-29 07:15 | 2023-08-8
1505 | 9.8 | CRITICAL Network | sap | commerce_cloud commerce_hycom | SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. | CWE-258 Empty Password in Configuration File | CVE-2023-39439 | 2024-09-29 07:15 | 2023-08-8
1506 | 5.8 | MEDIUM Network | sap | supplier_relationship_management | SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business P… | CWE-306 Missing Authentication for Critical Function | CVE-2023-39436 | 2024-09-29 07:15 | 2023-08-8
1507 | 6.5 | MEDIUM Network | sap | netweaver_application_server_abap | SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 75… | CWE-862 Missing Authorization | CVE-2023-37492 | 2024-09-29 07:15 | 2023-08-8
1508 | 8.8 | HIGH Network | sap | message_server | The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can … | CWE-863 Incorrect Authorization | CVE-2023-37491 | 2024-09-29 07:15 | 2023-08-8
1509 | 5.3 | MEDIUM Network | sap | business_one | SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high imp… | CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere | CVE-2023-37487 | 2024-09-29 07:15 | 2023-08-8
1510 | 7.5 | HIGH Network | sap | commerce_cloud commerce_hycom | Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successf… | CWE-524 Use of Cache Containing Sensitive Information | CVE-2023-37486 | 2024-09-29 07:15 | 2023-08-8