CVE-2026-0497

CVE-2026-0497 affects SAP Product Designer Web UI of Business Server Pages. The issue arises from a missing authorization check, allowing authenticated non-administrative users to access non-sensitive information. Reported impact is limited to confidentiality (low); no impact on integrity or avai...

CVE-2026-0497 Missing Authorization check in Business Server Pages Application (Product Designer Web UI)

SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...

CVE-2023-25261

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...

CVE-2023-25262

Stimulsoft GmbH Stimulsoft Designer Web 2023.1.3 is vulnerable to Server Side Request Forgery SSRF. TThe Reporting Designer Web offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather...

Stimulsoft GmbH Stimulsoft Designer 代码问题漏洞

Stimulsoft GmbH Stimulsoft Designer is a robust product from Stimulsoft that runs on any computer and any platform. Engine, report designer and viewer for generating reports and analyzing data. A security vulnerability exists in Stimulsoft Designer Web version 2023.1.3, which stems fromThe...

PT-2023-20005 · Stimulsoft · Stimulsoft Reporting Designer +1

Name of the Vulnerable Software and Affected Versions: Stimulsoft Designer Web version 2023.1.3 Description: The issue allows an attacker to perform Server Side Request Forgery SSRF attacks. The Reporting Designer Web can embed sources from external locations, and when a user chooses such a...

CVE-2023-25261

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer Desktop 2023.1.4 and Stimulsoft Designer Web 2023.1.3 and Stimulsoft Viewer Web 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include sour...

PT-2023-20004 · Stimulsoft · Stimulsoft Viewer +1

Name of the Vulnerable Software and Affected Versions: Stimulsoft Designer Desktop version 2023.1.4 Stimulsoft Designer Web version 2023.1.3 Stimulsoft Viewer Web version 2023.1.3 Description: The issue allows for Remote Code Execution, enabling an attacker to access the local file system without...

CVE-2020-7035

An XML External Entities XXEvulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x...