405 matches found
Authorization
SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact ...
CVE-2024-24741 Missing Authorization check in SAP Master Data Governance Material
SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact ...
CVE-2024-24741
CVE-2024-24741 affects SAP Master Data Governance for Material Data across versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804. Reported root cause: missing authorization checks for authenticated users, enabling privilege escalation. Impact stated as potential read of some sensitive informa...
CVE-2024-24741 Missing Authorization check in SAP Master Data Governance Material
SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact ...
SAP Master Data Governance 安全漏洞
SAP Master Data Governance is a suite of data management tools from SAP Germany for maintaining, validating, and distributing master data. An authorization issue vulnerability exists in SAP Master Data Governance for Material Data, which stems from a failure to perform the required authorization...
SAP Master Data Governance Path Traversal Vulnerability
SAP Master Data Governance is a suite of data management tools from SAP Germany for maintaining, validating, and distributing master data. A path traversal vulnerability exists in SAP Master Data Governance, which stems from insufficient validation of user-supplied path information by the File...
Vulnerabilities fixed in SAP
SAP has fixed vulnerabilities in several products, including. Business Objects, SAP GUI, Master Data Governance, Netweaver and Solution Manager. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS...
Input validation
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality...
CVE-2023-49058 Directory Traversal vulnerability in SAP Master Data Governance
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality...
CVE-2023-49058
The CVE concerns SAP Master Data Governance File Upload path handling. Affected: SAP Master Data Governance (File Upload) where insufficient validation of user-supplied path information allows traversal characters to reach file APIs. Root cause: directory-traversal due to path validation gaps. Im...
PT-2023-31040 · Sap · Sap Master Data Governance
Name of the Vulnerable Software and Affected Versions: SAP Master Data Governance affected versions not specified Description: The issue allows an attacker to exploit insufficient validation of path information provided by users. This can lead to characters representing 'traverse to parent...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2022-40609)
Summary IBM Master Data Management is impacted by vulnerabilities in IBM WebSphere Application Server where IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-35890)
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security, caused by the improper encoding in a local configuration file. Vulnerability Details CVEID:CVE-2023-35890 DESCRIPTION: IBM...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management
Summary IBM WebSphere Application Server could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. Vulnerability Details CVEID:CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Serve...
CVE-2023-39436
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to speciali...
CVE-2023-39436 Information Disclosure in SAP Supplier Relationship Management
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to speciali...
CVE-2023-39436 Information Disclosure in SAP Supplier Relationship Management
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to speciali...
SAP Supplier Relationship Management 信息泄露漏洞
SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. An information disclosure vulnerability exists in SA...
PT-2023-4245 · Sap · Sap Supplier Relationship Management
Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management versions 600 through 617 Description: The issue is related to insufficient protection of service data in the SAP Supplier Relationship Management application, specifically in the function for copying basic...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management
Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM WebSphere Application Server and used by IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. This has been addressed in the...