41 | 6.3 | MEDIUM Network | sap | bank_account_management | SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and a… | Update | CWE-862 Missing Authorization | CVE-2024-24739 | 2024-10-17 06:20 | 2024-02-13
42 | 4.1 | MEDIUM Network | sap | crm_-_webclient_ui | SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently … | Update | CWE-79 Cross-site Scripting | CVE-2024-24742 | 2024-10-17 06:18 | 2024-02-13
43 | 5.3 | MEDIUM Network | sap | netweaver_application_server_abap | SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attack… | Update | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2024-24740 | 2024-10-17 06:18 | 2024-02-13
44 | 7.4 | HIGH Network | sap | cloud_connector | Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attack… | Update | CWE-295 Improper Certificate Validation | CVE-2024-25642 | 2024-10-17 06:17 | 2024-02-13
45 | 7.5 | HIGH Network | sap | netweaver_application_server_java | SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enabl… | Update | CWE-611 XXE | CVE-2024-24743 | 2024-10-17 06:17 | 2024-02-13
46 | 4.3 | MEDIUM Network | sap | master_data_governance_for_material_data | SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escala… | Update | CWE-862 Missing Authorization | CVE-2024-24741 | 2024-10-17 06:16 | 2024-02-13
47 | 7.6 | HIGH Network | sap | companion | SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve … | Update | CWE-79 Cross-site Scripting | CVE-2024-22129 | 2024-10-17 06:16 | 2024-02-13
48 | - | | - | - | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code | New | - | CVE-2024-48758 | 2024-10-17 06:15 | 2024-10-17
49 | - | | - | - | ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code. | New | - | CVE-2024-48180 | 2024-10-17 06:15 | 2024-10-17
50 | - | | - | - | REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability. | New | - | CVE-2024-46213 | 2024-10-17 06:15 | 2024-10-17