38 matches found
SAP ABA Code Injection Vulnerability
SAP ABA Application Basis is an application transaction management system developed by SAP. A code injection vulnerability exists in the SAP ABA Application Basis interface, which can be exploited by a remote attacker to submit a special request that can be used to execute arbitrary code in the...
CVE-2024-22131
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
Authorization
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
CVE-2024-22131 Code Injection vulnerability in SAP ABA (Application Basis)
In SAP ABA Application Basis - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions...
CVE-2024-22131
CVE-2024-22131 affects SAP ABA (Application Basis) across versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I. The issue enables an authenticated user with remote execution privileges to use a vulnerable interface to invoke application functions beyond normal permissions, potentially readin...
SUSE CVE-2020-14059
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list...
What's New in InsightIDR: Q3 2021 in Review
This post offers a closer look at some of the recent updates and releases in InsightIDR, our extended detection and response solution, from Q3 2021. Welcome IntSights to the Rapid7 Insight Platform family! As you may have seen in recent communications, Rapid7 acquired IntSights, a leading provide...
PT-2021-8278 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the locking mechanism in the Linux kernel, specifically in the queued write lock slowpath function. A reader can acquire the lock without holding the wait lock,...
Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day
Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR’s Attacker Behavior Analytics ABA. The Managed Detection and Response MDR identified multiple, related compromises in the past 72 hours. In most...
What’s New in InsightIDR: Q4 2020 in Review
Throughout the year, we’ve provided roundups of what’s new in InsightIDR, our cloud-based SIEM tool see the H1 recap post, and our most recent Q3 2020 recap post. As we near the end of 2020, we wanted to offer a closer look at some of the recent updates and releases in InsightIDR from Q4 2020...
CVE-2020-14059
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list...
CVE-2020-14059
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list...
CVE-2020-14059
Squid 5.x prior to 5.0.3 is affected by CVE-2020-14059 due to an incorrect synchronization in the SMP cache, causing a Denial of Service via Ipc::Mem::PageStack::pop ABA during memory page/slot management. Affected component is the memory/page management list, with exploitation leading to a crash...
CVE-2018-2481
CVE-2018-2481 affects SAP_ABA components across SAP_ABA releases 7.00–7.02, 7.10–7.11, 7.30, 7.31, 7.40, 7.50 and 75C–75D. Description: a transaction code reserved for customers can be used to perform unauthorized transaction functionality by a malicious user, enabling elevation of privileges in ...
aba-svc.jp XSS vulnerability
Open Bug Bounty ID: OBB-501151 Description| Value ---|--- Affected Website:| aba-svc.jp Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure...
aba.insightcommerce.net XSS vulnerability
Vulnerable URL: http://aba.insightcommerce.net/?mainURL=javascript:alert/OPENBUGBOUNTY/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:|...
SAP Netweaver ABA Workbench Tools Certification Bypass Vulnerability
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. An authentication bypass vulnerability exists in SAP Netweaver ABA Workbench Tools. An attacker could exploit th...
SAP Netweaver 2004s SAP_BASIS and SAP_ABA Component Message Forgery Vulnerability
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. An information forgery vulnerability exists in the SAPBASIS and SAPABA components in SAP Netweaver 2004s, version 7.00 SP Level 0031, which can be exploited by a remote attacker to forge an IP...