25 matches found
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
EUVD-2017-18544
Malware in sbrugna...
EUVD-2022-38181
Malicious code in bioql PyPI...
EUVD-2021-27674
Malicious code in bioql PyPI...
SAP SuccessFactors Elevation of Privilege Vulnerability
SAP SuccessFactors is a cloud-based hcm software application from SAP, Germany. SAP SuccessFactors suffers from an elevation of privilege vulnerability that stems from an application endpoint misconfiguration. An attacker could use the vulnerability to elevate privileges and read or write...
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
Design/Logic Flaw
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
CVE-2022-35291
The CVE-2022-35291 entry describes a privilege-escalation vulnerability in SAP SuccessFactors via misconfigured attachment API endpoints used by the SF Mobile app (Time Off, Time Sheet, EC Workflow, Benefits). The underlying issue is endpoint misconfiguration that allows attackers with user privi...
CVE-2022-35291 Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application(Android & iOS)
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
PT-2022-3931 · Sap · Sap Successfactors +1
Name of the Vulnerable Software and Affected Versions: SAP SuccessFactors affected versions not specified Description: The issue is related to misconfigured application endpoints in SAP SuccessFactors attachment APIs, allowing attackers with user privileges to perform activities with admin...
CVE-2021-40498
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is...
CVE-2021-40498
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is...
Code injection
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is...
CVE-2021-40498
CVE-2021-40498 affects SAP SuccessFactors Mobile Application for Android (versions older than 2108). The vulnerability arises from Android implementation methods embedded in the app that start when a user views their profile and can observe activities from other background apps, enabling service ...
CVE-2021-40498
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is...
successfactors.com XSS vulnerability
Open Bug Bounty ID: OBB-543662 Description| Value ---|--- Affected Website:| successfactors.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...
SAP Successfactors Cross-Site Scripting Vulnerability
SAP SuccessFactors is a cloud-based human resource management solution from SAP, Germany. The solution includes social and collaboration tools, a learning management system, performance management and people management. A cross-site scripting vulnerability exists in versions prior to SAP...
CVE-2017-9613
Stored Cross-site scripting XSS vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality...
Cross site scripting
Stored Cross-site scripting XSS vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality...