| 541 | 4.4 | MEDIUM | Local | sap | businessobjects_business_intelligence | In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacke… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2023-39440 | 2024-09-29 07:15 | 2023-08-8 |
| 542 | 9.8 | CRITICAL | Network | sap | commerce_cloud commerce_hycom | SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase. | CWE-258 Empty Password in Configuration File | CVE-2023-39439 | 2024-09-29 07:15 | 2023-08-8 |
| 543 | 5.8 | MEDIUM | Network | sap | supplier_relationship_management | SAP Supplier Relationship Management - versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business P… | CWE-306 Missing Authentication for Critical Function | CVE-2023-39436 | 2024-09-29 07:15 | 2023-08-8 |
| 544 | 6.5 | MEDIUM | Network | sap | netweaver_application_server_abap | SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 75… | CWE-862 Missing Authorization | CVE-2023-37492 | 2024-09-29 07:15 | 2023-08-8 |
| 545 | 8.8 | HIGH | Network | sap | message_server | The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can … | CWE-863 Incorrect Authorization | CVE-2023-37491 | 2024-09-29 07:15 | 2023-08-8 |
| 546 | 5.3 | MEDIUM | Network | sap | business_one | SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge to perform certain operations to access unintended data over the network which could lead to high imp… | CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere | CVE-2023-37487 | 2024-09-29 07:15 | 2023-08-8 |
| 547 | 7.5 | HIGH | Network | sap | commerce_cloud commerce_hycom | Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successf… | CWE-524 Use of Cache Containing Sensitive Information | CVE-2023-37486 | 2024-09-29 07:15 | 2023-08-8 |
| 548 | 9.8 | CRITICAL | Network | sap | powerdesigner | SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | CWE-306 Missing Authentication for Critical Function | CVE-2023-37483 | 2024-09-29 07:15 | 2023-08-8 |
| 549 | 5.3 | MEDIUM | Network | sap | enable_now | In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated … | CWE-213 | CVE-2023-36919 | 2024-09-29 07:15 | 2023-07-11 |
| 550 | 7.4 | HIGH | Network | sap | netweaver_application_server_abap | SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.… | CWE-306 Missing Authentication for Critical Function | CVE-2023-35874 | 2024-09-29 07:15 | 2023-07-11 |