|
196851
|
8.0 |
HIGH
Network
|
jenkins
|
jenkins
|
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or configure various objects to inject crafted content into Old Data Monitor that results in the instanti…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-21604
|
2024-11-21 14:48 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196852
|
5.4 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2021-21603
|
2024-11-21 14:48 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196853
|
6.5 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
|
CWE-59
Link Following
|
CVE-2021-21602
|
2024-11-21 14:48 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196854
|
6.5 |
MEDIUM
Network
|
sap
|
cla-assistant
|
In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could access API endpoints which are not intended to be used by the user. This could impact the integrity…
|
NVD-CWE-Other
|
CVE-2021-21471
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196855
|
6.5 |
MEDIUM
Network
|
sap
|
business_warehouse
|
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database ta…
|
CWE-862
Missing Authorization
|
CVE-2021-21468
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196856
|
4.3 |
MEDIUM
Network
|
sap
|
banking_services
|
SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display…
|
CWE-862
Missing Authorization
|
CVE-2021-21467
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196857
|
9.9 |
CRITICAL
Network
|
sap
|
business_warehouse
|
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the datab…
|
CWE-89
SQL Injection
|
CVE-2021-21465
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196858
|
4.3 |
MEDIUM
Network
|
sap
|
3d_visual_enterprise_viewer
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavaila…
|
CWE-20
Improper Input Validation
|
CVE-2021-21464
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196859
|
4.4 |
MEDIUM
Local
|
sap
|
enterprise_performance_management
|
SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which…
|
CWE-611
XXE
|
CVE-2021-21470
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196860
|
7.5 |
HIGH
Network
|
sap
|
netweaver_master_data_management
|
When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in th…
|
CWE-200
Information Exposure
|
CVE-2021-21469
|
2024-11-21 14:48 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
