|
199371
|
6.1 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Re…
|
CWE-601
Open Redirect
|
CVE-2021-21491
|
2024-11-21 14:48 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199372
|
6.5 |
MEDIUM
Network
|
linuxfoundation
|
besu
|
Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API servic…
|
-
|
CVE-2021-21369
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199373
|
3.3 |
LOW
Local
|
sap
|
3d_visual_enterprise_viewer
|
When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes tempora…
|
NVD-CWE-noinfo
|
CVE-2021-21493
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199374
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver_knowledge_management
|
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deseriali…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21488
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199375
|
8.8 |
HIGH
Network
|
sap
|
payment_engine
|
SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
|
CWE-862
Missing Authorization
|
CVE-2021-21487
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199376
|
8.8 |
HIGH
Network
|
sap
|
enterprise_financial_services
|
SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting …
|
CWE-862
Missing Authorization
|
CVE-2021-21486
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199377
|
9.8 |
CRITICAL
Network
|
sap
|
hana
|
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.
|
CWE-863
Incorrect Authorization
|
CVE-2021-21484
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199378
|
8.8 |
HIGH
Adjacent
|
sap
|
netweaver
|
The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access co…
|
CWE-863
Incorrect Authorization
|
CVE-2021-21481
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199379
|
8.8 |
HIGH
Network
|
sap
|
manufacturing_integration_and_intelligence
|
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in…
|
CWE-94
Code Injection
|
CVE-2021-21480
|
2024-11-21 14:48 |
2021-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199380
|
6.5 |
MEDIUM
Adjacent
|
vagrant_project
|
vagrant
|
The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in …
|
-
|
CVE-2021-21361
|
2024-11-21 14:48 |
2021-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
