32 matches found
CVE-2023-24527 Improper Access Control in SAP NetWeaver AS Java for Deploy Service
SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...
SAP NetWeaver AS Java Licensing Issue Vulnerability (CNVD-2023-28121)
SAP NetWeaver AS Java is a German SAP SAP company provides a Java runtime environment for the application server. The product is mainly used to develop and run Java EE applications. An authorization issue vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from a failure to...
CVE-2023-27268
SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...
CVE-2023-27268
SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...
CVE-2023-23857
Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services...
Authorization
SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...
CVE-2023-27268 Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service)
SAP NetWeaver AS Java Object Analyzing Service - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify...
SAP NetWeaver Application Server Java 访问控制错误漏洞
SAP NetWeaver AS Java is a German SAP SAP company provides a Java runtime environment for the application server. The product is mainly used to develop and run Java EE applications. An authorization issue vulnerability exists in SAP NetWeaver AS Java version 7.50, which stems from a failure to...
SAP NetWeaver AS Java Improper Access Control (3268093)
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current...
ch.cern.hadoop:hadoop-minikdc (>=2.7.4.0 <=2.7.5.1), com.alibaba.lindorm:lindorm-search-test-framework (>=8.10.1.3 <=8.10.2) +117 more potentially affected by CVE-2015-3250 via org.apache.directory.api:api-ldap-model (>=1.0.0-M14 <=1.0.0-M30)
org.apache.directory.api:api-ldap-model MAVEN version =1.0.0-M14, =2.7.4.0, =8.10.1.3, =2.0.0-beta1, =1.0.3, =1.0.3, =1.0.3, =0.1.1, =0.1.1, =0.3.0, =0.3.0, =0.4.0, =0.4.0, =1.8.0, =1.9.3 and more Source cves: CVE-2015-3250 Source advisory: OSV:GHSA-CX3Q-CV6W-MX4H...
cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)
django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:GHSA-5HG3-6C2F-F3WR...
cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)
django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...