|
317841
|
- |
|
-
|
-
|
Due to insufficient encoding of user-controlled inputs, SAP NetWeaver AS Java allows malicious scripts to be executed in the login application. This has a limited impact on confidentiality and integr…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45280
|
2024-09-10 14:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317842
|
- |
|
-
|
-
|
Due to insufficient input validation, CRM Blueprint Application Builder Panel of SAP NetWeaver Application Server for ABAP allows an unauthenticated attacker to craft a URL link which could embed a m…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45279
|
2024-09-10 14:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317843
|
- |
|
-
|
-
|
Under certain conditions Statutory Reports in SAP S/4 HANA allows an attacker with basic privileges to access information which would otherwise be restricted. The vulnerability could expose internal …
|
CWE-213
Exposure of Sensitive Information Due to Incompatible Policies
|
CVE-2024-44121
|
2024-09-10 14:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317844
|
- |
|
-
|
-
|
SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and tric…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44120
|
2024-09-10 14:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317845
|
- |
|
-
|
-
|
The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and…
|
-
|
CVE-2024-44117
|
2024-09-10 14:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317846
|
- |
|
-
|
-
|
All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization.
|
-
|
CVE-2024-21528
|
2024-09-10 14:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317847
|
- |
|
-
|
-
|
Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disc…
|
CWE-862
Missing Authorization
|
CVE-2024-45286
|
2024-09-10 13:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317848
|
- |
|
-
|
-
|
The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information …
|
CWE-862
Missing Authorization
|
CVE-2024-44116
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317849
|
- |
|
-
|
-
|
The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about ta…
|
CWE-862
Missing Authorization
|
CVE-2024-44115
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317850
|
- |
|
-
|
-
|
Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploit…
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-44113
|
2024-09-10 12:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
