1341 | 9.8 | CRITICAL | Network | sap | sap-xssec | SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attac… | CWE-749 Exposed Dangerous Method or Function | CVE-2023-50423 | 2024-09-29 08:15 | 2023-12-12
1342 | 9.8 | CRITICAL | Network | sap | cloud-security-services-integration-library | SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an e… | CWE-749 Exposed Dangerous Method or Function | CVE-2023-50422 | 2024-09-29 08:15 | 2023-12-12
1343 | 9.8 | CRITICAL | Network | sap | @sap/xssec | SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated atta… | CWE-749 Exposed Dangerous Method or Function | CVE-2023-49583 | 2024-09-29 08:15 | 2023-12-12
1344 | 7.3 | HIGH | Network | sap | graphical_user_interface | SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restri… | NVD-CWE-noinfo | CVE-2023-49580 | 2024-09-29 08:15 | 2023-12-12
1345 | 3.5 | LOW | Adjacent | sap | cloud_connector | SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-49578 | 2024-09-29 08:15 | 2023-12-12
1346 | 8.1 | HIGH | Network | sap | commerce_cloud | In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM 2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user… | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2023-42481 | 2024-09-29 08:15 | 2023-12-12
1347 | 4.3 | MEDIUM | Network | sap | s/4hana | The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. | CWE-209 Information Exposure Through an Error Message | CVE-2023-42475 | 2024-09-29 08:15 | 2023-10-10
1348 | 8.0 | HIGH | Adjacent | sap | business_one | SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shar… | CWE-863 Incorrect Authorization | CVE-2023-31403 | 2024-09-29 07:15 | 2023-11-14
1349 | 9.9 | CRITICAL | Network | sap | businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwis… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-40622 | 2024-09-29 07:15 | 2023-09-12
1350 | 9.8 | CRITICAL | Network | sap | netweaver_application_server_abap web_dispatcher content_server hana_database host_agent extended_application_services_and_runtime sapssoext commoncryptolib netweaver_applicat… | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depen… | CWE-863 Incorrect Authorization | CVE-2023-40309 | 2024-09-29 07:15 | 2023-09-12