1291
|
4.3 |
MEDIUM
Network
|
sap
|
s/4hana
|
The Statutory Reporting application has a vulnerable file storage location, potentially enabling a low-privileged attacker to read server files with minimal impact on confidentiality.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2023-42475
|
2024-09-29 08:15 |
2023-10-10 |
|
|
1292
|
8.0 |
HIGH
Adjacent
|
sap
|
business_one
|
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shar…
|
CWE-863
Incorrect Authorization
|
CVE-2023-31403
|
2024-09-29 07:15 |
2023-11-14 |
|
|
1293
|
9.9 |
CRITICAL
Network
|
sap
|
businessobjects_business_intelligence
|
SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain conditions allows an authenticated attacker to view sensitive information which is otherwis…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2023-40622
|
2024-09-29 07:15 |
2023-09-12 |
|
|
1294
|
9.8 |
CRITICAL
Network
sap
|
netweaver_application_server_abap web_dispatcher content_server hana_database host_agent extended_application_services_and_runtime sapssoext commoncryptolib netweaver_applicat…
|
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depen…
|
CWE-863
Incorrect Authorization
|
CVE-2023-40309
|
2024-09-29 07:15 |
2023-09-12 |
|
|
|
1295
|
8.1 |
HIGH
Network
|
sap
|
contributor_license_agreement_assistant
|
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary au…
|
CWE-862
Missing Authorization
|
CVE-2023-39438
|
2024-09-29 07:15 |
2023-08-16 |
|
|
1296
|
4.4 |
MEDIUM
Local
|
sap
|
businessobjects_business_intelligence
|
In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacke…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2023-39440
|
2024-09-29 07:15 |
2023-08-08 |
|
|
1297
|
9.8 |
CRITICAL
Network
sap
|
commerce_cloud commerce_hycom
|
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
|
CWE-258
Empty Password in Configuration File
|
CVE-2023-39439
|
2024-09-29 07:15 |
2023-08-08 |
|
|
|
1298
|
5.8 |
MEDIUM
Network
sap
|
supplier_relationship_management
|
SAP Supplier Relationship Management - versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business P…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-39436
|
2024-09-29 07:15 |
2023-08-08 |
|
|
|
1299
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 75…
|
CWE-862
Missing Authorization
|
CVE-2023-37492
|
2024-09-29 07:15 |
2023-08-08 |
|
|
1300
|
8.8 |
HIGH
Network
|
sap
|
message_server
|
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can …
|
CWE-863
Incorrect Authorization
|
CVE-2023-37491
|
2024-09-29 07:15 |
2023-08-08 |
|
|