1421 | 3.5 | LOW | Adjacent | sap | cloud_connector | SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-49578 | 2024-09-29 08:15 | 2023-12-12
1422 | 8.1 | HIGH | Network | sap | commerce_cloud | In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM 2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user… | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2023-42481 | 2024-09-29 08:15 | 2023-12-12
1423 | 4.3 | MEDIUM | Network | sap | s/4hana | The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. | CWE-209 Information Exposure Through an Error Message | CVE-2023-42475 | 2024-09-29 08:15 | 2023-10-10
1424 | 8.0 | HIGH | Adjacent | sap | business_one | SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shar… | CWE-863 Incorrect Authorization | CVE-2023-31403 | 2024-09-29 07:15 | 2023-11-14
1425 | 9.9 | CRITICAL | Network | sap | businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwis… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-40622 | 2024-09-29 07:15 | 2023-09-12
1426 | 9.8 | CRITICAL | Network | sap | netweaver_application_server_abap web_dispatcher content_server hana_database host_agent extended_application_services_and_runtime sapssoext commoncryptolib netweaver_applicat… | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depen… | CWE-863 Incorrect Authorization | CVE-2023-40309 | 2024-09-29 07:15 | 2023-09-12
1427 | 8.1 | HIGH | Network | sap | contributor_license_agreement_assistant | A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary au… | CWE-862 Missing Authorization | CVE-2023-39438 | 2024-09-29 07:15 | 2023-08-16
1428 | 4.4 | MEDIUM | Local | sap | businessobjects_business_intelligence | In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacke… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2023-39440 | 2024-09-29 07:15 | 2023-08-8
1429 | 9.8 | CRITICAL | Network | sap | commerce_cloud commerce_hycom | SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. | CWE-258 Empty Password in Configuration File | CVE-2023-39439 | 2024-09-29 07:15 | 2023-08-8
1430 | 5.8 | MEDIUM | Network | sap | supplier_relationship_management | SAP Supplier Relationship Management - versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business P… | CWE-306 Missing Authentication for Critical Function | CVE-2023-39436 | 2024-09-29 07:15 | 2023-08-8