14 matches found
CVE-2026-24312 Missing authorization check in SAP Business Workflow
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...
EUVD-2024-34988
Malicious code in bioql PyPI...
EUVD-2025-1488
Malicious code in bioql PyPI...
CVE-2025-0058
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...
CVE-2025-0058
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...
CVE-2025-0058
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...
CVE-2025-0058 Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...
CVE-2025-0058 Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...
CVE-2025-0058
SAP Business Workflow and SAP Flexible Workflow are affected by CVE-2025-0058. An authenticated attacker can manipulate a parameter in a legitimate resource request to view sensitive information that should be restricted, without modifying the information or causing unavailability. The report cit...
SAP Business Workflow Information Disclosure Vulnerability
SAP Business Workflow, from SAP Germany, is a key component for executing business processes. It allows users to design, implement and manage business processes, ensure process compliance and reduce the need for manual operations through automation. An information disclosure vulnerability exists i...
CVE-2024-34689
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...
CVE-2024-34689 [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...
CVE-2024-34689 [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...
CVE-2024-34689
The CVE-2024-34689 issue affects SAP Business Workflow’s WebFlow Services. An authenticated attacker can enumerate HTTP endpoints accessible on the internal network by sending specially crafted HTTP requests, leading to information disclosure. The impact is limited to confidentiality (information...