8 matches found
CVE-2025-43004
The CVE-2025-43004 entry describes a security misconfiguration in SAP Digital Manufacturing Production Operator Dashboards (PODs) that allows unauthenticated external access to non-sensitive customer data. The root cause is lack of enforcement of authentication, with no indication that integrity ...
CVE-2025-43004 Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard)
Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards PODs that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view...
CVE-2025-43004 Security Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator Dashboard)
Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards PODs that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view...
SAP Digital Manufacturing 安全漏洞
SAP Digital Manufacturing is a manufacturing operations management MOM platform from SAP, Germany, that supports agile operations and supports a sustainable workforce. A security vulnerability exists in SAP Digital Manufacturing that stems from a security misconfiguration that could lead to...
Design/Logic Flaw
SAP Plant Connectivity - version 15.5 PCo or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token JWT in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send...
CVE-2023-2827
CVE-2023-2827 concerns SAP Plant Connectivity (PCo) v15.5 and Production Connector for SAP Digital Manufacturing v1.0, where the JSON Web Token (JWT) in HTTP requests is not validated. Root cause: lack of JWT signature validation enabling unauthorized callers from the internal network to issue se...
CVE-2023-2827 Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital
SAP Plant Connectivity - version 15.5 PCo or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token JWT in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send...
Web和ecto 访问控制错误漏洞
SAP Plant Connectivity is a bridge between devices and MES for exchanging data between standard data sources from SAP, Germany. An access control error vulnerability exists in SAP Plant Connectivity version 15.5 and SAP Digital Manufacturing version 1.0, which stems from not validating JWT...