Lucene search
K

405 matches found

Prion
Prion
added 2024/02/13 4:15 a.m.13 views

Authorization

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact ...

4CVSS6.8AI score0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/13 3:43 a.m.12 views

CVE-2024-24741 Missing Authorization check in SAP Master Data Governance Material

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact ...

4.3CVSS6.9AI score0.00319EPSS
Exploits0References2
CVE
CVE
added 2024/02/13 3:43 a.m.46 views

CVE-2024-24741

CVE-2024-24741 affects SAP Master Data Governance for Material Data across versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804. Reported root cause: missing authorization checks for authenticated users, enabling privilege escalation. Impact stated as potential read of some sensitive informa...

4.3CVSS4.6AI score0.00319EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/13 3:43 a.m.33 views

CVE-2024-24741 Missing Authorization check in SAP Master Data Governance Material

SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact ...

4.3CVSS5AI score0.00319EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.7 views

SAP Master Data Governance 安全漏洞

SAP Master Data Governance is a suite of data management tools from SAP Germany for maintaining, validating, and distributing master data. An authorization issue vulnerability exists in SAP Master Data Governance for Material Data, which stems from a failure to perform the required authorization...

4.3CVSS6.8AI score0.00319EPSS
Exploits0References3
CNVD
CNVD
added 2023/12/14 12:0 a.m.8 views

SAP Master Data Governance Path Traversal Vulnerability

SAP Master Data Governance is a suite of data management tools from SAP Germany for maintaining, validating, and distributing master data. A path traversal vulnerability exists in SAP Master Data Governance, which stems from insufficient validation of user-supplied path information by the File...

5.3CVSS6.7AI score0.00625EPSS
Exploits0References1
NCSC
NCSC
added 2023/12/13 12:0 a.m.15 views

Vulnerabilities fixed in SAP

SAP has fixed vulnerabilities in several products, including. Business Objects, SAP GUI, Master Data Governance, Netweaver and Solution Manager. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS...

9.8CVSS8.9AI score0.03307EPSS
Exploits2
Prion
Prion
added 2023/12/12 1:15 a.m.20 views

Input validation

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality...

5CVSS6.8AI score0.00625EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/12 1:1 a.m.18 views

CVE-2023-49058 Directory Traversal vulnerability in SAP Master Data Governance

SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality...

3.5CVSS5.5AI score0.00625EPSS
Exploits0References2
CVE
CVE
added 2023/12/12 1:1 a.m.38 views

CVE-2023-49058

The CVE concerns SAP Master Data Governance File Upload path handling. Affected: SAP Master Data Governance (File Upload) where insufficient validation of user-supplied path information allows traversal characters to reach file APIs. Root cause: directory-traversal due to path validation gaps. Im...

5.3CVSS4.5AI score0.00625EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.4 views

PT-2023-31040 · Sap · Sap Master Data Governance

Name of the Vulnerable Software and Affected Versions: SAP Master Data Governance affected versions not specified Description: The issue allows an attacker to exploit insufficient validation of path information provided by users. This can lead to characters representing 'traverse to parent...

5.3CVSS5AI score0.00625EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 1:41 p.m.35 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2022-40609)

Summary IBM Master Data Management is impacted by vulnerabilities in IBM WebSphere Application Server where IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending...

9.8CVSS9.2AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/06 1:29 a.m.33 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-35890)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security, caused by the improper encoding in a local configuration file. Vulnerability Details CVEID:CVE-2023-35890 DESCRIPTION: IBM...

5.5CVSS5.3AI score0.00122EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/21 5:34 p.m.37 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM WebSphere Application Server could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Serve...

4.3CVSS4.2AI score0.0112EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/08/08 1:15 a.m.4 views

CVE-2023-39436

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to speciali...

5.8CVSS5.8AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/08 12:48 a.m.18 views

CVE-2023-39436 Information Disclosure in SAP Supplier Relationship Management

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to speciali...

5.8CVSS5.7AI score0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/08 12:48 a.m.13 views

CVE-2023-39436 Information Disclosure in SAP Supplier Relationship Management

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to speciali...

5.8CVSS6.5AI score0.00366EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.6 views

SAP Supplier Relationship Management 信息泄露漏洞

SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. An information disclosure vulnerability exists in SA...

5.8CVSS6.1AI score0.00366EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.5 views

PT-2023-4245 · Sap · Sap Supplier Relationship Management

Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management versions 600 through 617 Description: The issue is related to insufficient protection of service data in the SAP Supplier Relationship Management application, specifically in the function for copying basic...

5.8CVSS7.3AI score0.00366EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 5:22 p.m.23 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM WebSphere Application Server and used by IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
Rows per page
Query Builder