CVE-2024-28167 Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data)
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization...
CVE-2024-28167
CVE-2024-28167 concerns SAP Group Reporting Data Collection and its module component related to the Enter Package Data app. The available documents state that an authenticated user may bypass authorization checks, enabling an escalation of privileges. This can allow the user to change specific da...
PT-2024-7548 · Microsoft · Azure Monitor Agent
Name of the Vulnerable Software and Affected Versions: Azure Monitor Agent (affected versions not specified). Description: The issue is related to an elevation of privilege vulnerability in the Azure Monitor Agent, which is used for data collection from virtual machines (VM) and physical servers. The...
SAP Group Reporting Data Collection Security Vulnerability
SAP Group Reporting Data Collection is a group reporting data collection program from SAP, Germany. A security vulnerability exists in SAP Group Reporting Data Collection that stems from not performing the required authorization checks on authenticated users, which can lead to privilege escalatio...
CVE-2023-6522
Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914...
PT-2024-14990 · Extreme Networks · Extreme Xds
Name of the Vulnerable Software and Affected Versions: Extreme XDS versions before 3914. Description: The issue affects ExtremePacs Extreme XDS, allowing collection of data as provided by users due to improper privilege management. Recommendations: For versions before 3914, update to version 3914 ...
Dell Grab Security Vulnerability
Dell Grab is a configuration technology from Dell, Inc. It is used to collect data on hosts connected to Dell EMC storage devices. A security vulnerability exists in Dell Grab 5.0.4 and prior versions, which stems from a vulnerability in application folder permissions that could be exploited by a...
TikTok faces ban in US unless it parts ways with Chinese owner ByteDance
The House of Representatives has passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. TikTok is an immensely popular social media platform that allows users to create, share, and discover short video clips. It...
BIT-FLUENTD-2021-41186 ReDoS vulnerability in parser_apache2
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string ca...
Acronis Cyber Protect Information Disclosure Vulnerability
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Singapore. It combines backup, anti-malware, cybersecurity and endpoint management features such as vulnerability assessment, URL filtering, patch management, and more. An information...
The New York Times vs. OpenAI: A Turning Point for Web Scraping?
In a recent blog, we covered the blurry lines of legality surrounding web scraping and how the advent of artificial intelligence (AI) and large language models (LLMs) further complicates the matter. Shortly after publishing the blog, a significant legal development began unfolding: The New York Times...
CVE-2023-4993
Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8...
Privilege escalation
Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8...
CVE-2023-4993
CVE-2023-4993 affects SoliPay Mobile App (Utarit Information Technologies) before version 5.0.8. The issue is described as Incorrect Use of Privileged APIs / Improper Privilege Management, enabling collection of data provided by users. The CVE’s metrics indicate a high base score (CVSS 3.1: 7.5, ...
CVE-2023-4993 Sensitive Data Exposure in Utarit's Soliclub
Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8...
PT-2024-13834
Name of the Vulnerable Software and Affected Versions: SoliPay Mobile App versions prior to 5.0.8. Description: The issue is related to an Incorrect Use of Privileged APIs, also described as an Improper Privilege Management vulnerability, in the SoliPay Mobile App. This vulnerability allows for the...
CVE-2023-6517
Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7...
CVE-2023-6517
Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7...
CVE-2023-6517
CVE-2023-6517 affects Mia Technology’s MIA-MED prior to 1.0.7, where incompatible data handling policies permit collection of data provided by users, leading to exposure of sensitive information. The NVD entry cites a CVSS 3.1 base score of 7.5 (HIGH impact) with NETWORK attack vector, no user in...