Page(s) : 1 ... 989 990 991 992 993 994 995 996 997 998 [999] 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 ... | Result(s) : 300671 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
N/A | 2025-02-11 | CVE-2025-0054 | cve | SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with ba... |
N/A | 2025-02-11 | CVE-2025-0064 | cve | Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve ... |
N/A | 2025-02-11 | CVE-2025-1165 | cve | A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulatio... |
N/A | 2025-02-11 | CVE-2025-23187 | cve | Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an unauthenticated attacker could generate technical meta-data. This leads to a low im... |
4.3 | 2025-02-11 | CVE-2025-23189 | cve | Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impa... |
4.3 | 2025-02-11 | CVE-2025-23190 | cve | Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have acc... |
3.1 | 2025-02-11 | CVE-2025-23191 | cve | Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter t... |
5.3 | 2025-02-11 | CVE-2025-23193 | cve | SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user,... |
6.1 | 2025-02-11 | CVE-2025-24867 | cve | SAP BusinessObjects Platform (BI Launchpad) does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an unauthentic... |
7.1 | 2025-02-11 | CVE-2025-24868 | cve | The User Account and Authentication service (UAA) for SAP HANA extended application services, advanced model (SAP HANA XS advanced model) allows an unauthenticated attacker to c... |
N/A | 2025-02-11 | CVE-2025-24869 | cve | SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. T... |
N/A | 2025-02-11 | CVE-2025-24870 | cve | SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resu... |
N/A | 2025-02-11 | CVE-2025-24872 | cve | The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality... |
N/A | 2025-02-11 | CVE-2025-24874 | cve | SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the ... |
N/A | 2025-02-11 | CVE-2025-24875 | cve | SAP Commerce, by default, sets certain cookies with the SameSite attribute configured to None (SameSite=None). This includes authentication cookies utilized in SAP Commerce Back... |
N/A | 2025-02-11 | CVE-2025-24876 | cve | The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the ... |
N/A | 2025-02-11 | CVE-2025-25241 | cve | Due to a missing authorization check, an attacker who is logged in to application can view/delete "My Overtime Requests" which could allow the attacker to access employee infor... |
N/A | 2025-02-11 | CVE-2025-25243 | cve | SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over t... |
N/A | 2025-02-11 | CVE-2022-2283 | cve | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
N/A | 2025-02-11 | CVE-2023-1171 | cve | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |