CVE-2025-42939
SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering with the request parameter. Due to a missing authorization check, the attacker can delete shared rule conditions that should...
CVE-2025-42939 Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements)
SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering with the request parameter. Due to a missing authorization check, the attacker can delete shared rule conditions that should...
EUVD-2025-34118
SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering with the request parameter. Due to a missing authorization check, the attacker can delete shared rule conditions that should...
CVE-2025-42939
SAP S/4HANA: The Manage Processing Rules – For Bank Statements component is affected by CVE-2025-42939. An authenticated attacker with basic privileges can tamper request parameters to delete conditions from any shared rule, due to a missing authorization check, compromising integrity without imp...
PT-2025-41844
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA, affected versions not specified. Description: An authenticated attacker with basic privileges can delete conditions from any shared rule of any user by manipulating the request parameter. This is due to a missing authorization check,...
EUVD-2025-7778
Malicious code in bioql PyPI...
EUVD-2025-7780
Malicious code in bioql PyPI...
CVE-2025-9022
A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to SQL injection. The attack may be initiated remotely...
CVE-2025-9022
The vulnerability (CVE-2025-9022) affects SourceCodester Online Bank Management System up to version 1.0. The issue is an SQL injection in the /bank/statements.php endpoint, triggered by manipulating the email parameter. This could be exploited remotely, impacting confidentiality, integrity, and ...
PT-2025-33456 · Sourcecodester · Online Bank Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A vulnerability exists in the processing of the /bank/statements.php file. Manipulation of the email argument can lead to SQL injection, potentially allowing for remote...
Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration
Cybersecurity researcher Jeremiah Fowler discovered a data exposure at Australian fintech Vroom by YouX, exposing 27,000 records, including driver's licenses, bank statements, and more...
CVE-2025-27436
The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on...
CVE-2025-27433
The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and...
CVE-2025-27436 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on...
CVE-2025-27433 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and...
CVE-2024-45282
Fields that are in a 'read only' state in a Bank Statement Draft in the Manage Bank Statements application could be modified by the MERGE method. The property of an OData entity representing an assumably immutable method is not protected against external modifications, leading to integrity violations...