33 matches found
MAL-2026-499 Malicious code in system-integration (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 106aadf74e260c98fb25e21fc8ff5bea93798cc75117200447687debe7f9fba2 When importing the module, code downloads and executes a highly obfuscated remote script. --- Category: MALICIOUS - The campaign has clearly malicious intent,...
EUVD-2023-3112
Malicious code in bioql PyPI...
Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is affected by vulnerability in Netty (CVE-2024-29025)
Summary Netty is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2024-29025 The below vulnerability have been addressed. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid...
Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is affected by vulnerability in Apache Kafka (CVE-2024-27309)
Summary Apache Kafka is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2024-27309 The below vulnerability have been addressed. Vulnerability Details CVEID:CVE-2024-27309 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper access...
Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.
Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2024-28098, CVE-2024-29834 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-28098 DESCRIPTION: Apache Pulsar could allow a remote authenticated attacker to bypa...
Improper Privilege Management in github.com/sap/cloud-security-client-go
Impact SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go allows under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. Patches Upgrade to...
CVE-2023-50422
SAP BTP Security Services Integration Library Java cloud-security-services-integration-library - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary...
CVE-2023-50422
SAP BTP Security Services Integration Library Java cloud-security-services-integration-library - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary...
CVE-2023-49583
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-49583
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-49583
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
PYSEC-2023-261
SAPBTPSecurity Services Integration Library Pythonsap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
Privilege escalation
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50424 Escalation of Privileges in SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go)
SAP BTP Security Services Integration Library Golang github.com/sap/cloud-security-client-go - versions 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50423 Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)
SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-50423
The CVE-2023-50423 entry concerns the SAP BTP Security Services Integration Library, specifically the Python package sap-xssec, versions prior to 4.1.0. Multiple connected sources confirm a privilege-escalation vulnerability where an unauthenticated attacker, via the affected library, can obtain ...
CVE-2023-50422
CVE-2023-50422 concerns the SAP BTP Security Services Integration Library (Java) where versions below 2.17.0 and 3.0.0–before 3.3.0 allow privilege escalation under certain conditions. The root cause is insufficient permission checks in the library, enabling an unauthenticated attacker to obtain ...
CVE-2023-50422 Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library)
SAP BTP Security Services Integration Library Java cloud-security-services-integration-library - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary...
CVE-2023-49583 Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec)
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
CVE-2023-49583 Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/xssec)
SAP BTP Security Services Integration Library Node.js @sap/xssec - versions 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...