77 matches found
CVE-2026-24312
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...
CVE-2026-24312
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...
CVE-2026-24312 Missing authorization check in SAP Business Workflow
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...
CVE-2026-24312 Missing authorization check in SAP Business Workflow
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...
PT-2026-7217
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...
SAP Business Workflow 安全漏洞
SAP Business Workflow is a key component of SAP, a German company, used for executing business processes. It allows users to design, implement, and manage business processes, ensuring compliance with regulations and reducing the need for manual operations through automation. There is a security...
EUVD-2020-18797
Malware in sbrugna...
EUVD-2020-18796
Malware in sbrugna...
EUVD-2020-18798
Malware in sbrugna...
EUVD-2020-18802
Malware in sbrugna...
EUVD-2020-18803
Malware in sbrugna...
EUVD-2020-18800
Malware in sbrugna...
EUVD-2020-18801
Malware in sbrugna...
EUVD-2024-34988
Malicious code in bioql PyPI...
EUVD-2025-1488
Malicious code in bioql PyPI...
CVE-2025-0058
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...
CVE-2020-26173
An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents PDF by providing a valid document ID and token. No further authentication is required...
CVE-2020-26172
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp...
CVE-2020-26175
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users...
CVE-2020-26174
tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser client-side and can be circumvented. This allows an attacker to upload any file as an...