37 matches found
EUVD-2017-17364
Malware in sbrugna...
EUVD-2018-14338
Malware in sbrugna...
EUVD-2020-26026
Malware in sbrugna...
EUVD-2022-35580
Malicious code in bioql PyPI...
CVE-2024-45282 HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...
CVE-2024-45282 HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...
CVE-2024-45282
CVE-2024-45282 affects SAP S/4HANA, specifically the Manage Bank Statements component and its Bank Statement Draft. Fields in the read-only state can be modified via the MERGE method, leading to integrity violations in an OData entity. Root cause: lack of protection against external modifications...
CVE-2022-32508
An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...
CVE-2022-32508
An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...
CVE-2022-32508
An issue was discovered on certain Nuki Home Solutions devices. By sending a malformed HTTP verb, it is possible to force a reboot of the device. This affects Nuki Bridge v1 before 1.22.0 and v2 before 2.13.2...
CVE-2022-32508
CVE-2022-32508 affects Nuki Bridge: UNVulnerable components can reboot when parsing a malformed HTTP verb. Affected are Bridge v1 before 1.22.0 and v2 before 2.13.2. Attack vector is over the network (no authentication required as per CVE data). Impact is device reboot/partial availability disrup...
CVE-2023-49584
SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...
CVE-2023-49584 Client-Side Desynchronization vulnerability in SAP Fiori Launchpad
SAP Fiori launchpad - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, SAPUI 758, UI700 200, SAPBASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...
CVE-2023-49584
CVE-2023-49584 affects SAP Fiori Launchpad components across multiple SAP_UI versions (750, 754–758), UI_700 200, and SAP_BASIS 793. The issue allows an attacker to issue HTTP POST requests against a read-only service, resulting in low confidentiality impact per the provided description. Root cau...
CVE-2023-29189 HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
CVE-2023-29189 HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI)
SAP CRM WebClient UI - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to...
HTTP Verb Tampering
HTTP Verb Tampering is an attack that bypasses an authentication or control system that is based on the HTTP Verb. Sometimes, Web Server authentication mechanisms use verb-based authentication with access controls. Such security mechanisms include access control rules for requests with specific...
CVE-2020-4779
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...
CVE-2020-4779
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...
Security feature bypass
A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156...