296 matches found
CVE-2024-54197 Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview)
SAP NetWeaver Administrator (System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity...
CVE-2024-20458
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication o...
CVE-2024-20458 Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulnerability is due to a lack of authentication o...
CVE-2024-42360
SequenceServer (BLAST+ web UI) is affected by a command injection due to improper sanitization in several HTTP endpoints. Versions prior to 3.1.2 are vulnerable; exploitation could allow arbitrary shell command execution. The issue has been fixed in 3.1.2. Remediation: upgrade to SequenceServer 3...
CVE-2024-42360 Command Injection in sequenceserver
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via several HTTP endpoints due to improper sanitization of user input or query parameters, which allows an attacker to execute arbitrary shell commands. Remediation: Upgrade sequenceserver to version 3.1.2 or higher...
Command Injection in sequenceserver
Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...
GHSA-QV32-5WM2-P32H Command Injection in sequenceserver
Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...
CVE-2024-41737
SAP CRM ABAP Insights Management allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application...
CVE-2024-41737 Server-Side Request Forgery (SSRF) in SAP CRM ABAP (Insights Management)
SAP CRM ABAP Insights Management allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application...
Command Injection in sequenceserver gem
Impact: Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. Patches: Fixed in 3.1.2. Workarounds: No known workarounds...
SAP Business Workflow Information Disclosure Vulnerability
SAP Business Workflow, from SAP in Germany, is a key component for executing business processes. It allows users to design, implement and manage business processes, ensure process compliance and reduce the need for manual operations through automation. An information disclosure vulnerability exists i...
SAP CRM Information Disclosure Vulnerability
SAP CRM is a customer relationship management system from SAP in Germany. SAP CRM suffers from an information disclosure vulnerability that stems from the application's inadequate protection of sensitive information, which can be exploited by an authenticated attacker to enumerate accessible HTTP...
CVE-2024-34689 [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...
CVE-2024-34689
The CVE-2024-34689 issue affects SAP Business Workflow’s WebFlow Services. An authenticated attacker can enumerate HTTP endpoints accessible on the internal network by sending specially crafted HTTP requests, leading to information disclosure. The impact is limited to confidentiality (information...
CVE-2024-39598
CVE-2024-39598 affects SAP CRM (WebClient UI Framework). An authenticated attacker can enumerate accessible HTTP endpoints in the internal network by crafting specific HTTP requests, leading to information disclosure. The vulnerability impact is limited to confidentiality (information exposure); ...
CVE-2024-39598 [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
SAP CRM WebClient UI Framework allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the applicati...
CVE-2024-6163
Certain HTTP endpoints of Checkmk in Checkmk < 2.3.0p10, < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allow a remote attacker to bypass authentication and access data...