Lucene search
K

88 matches found

Vulnrichment
Vulnrichment
added 2023/08/08 12:46 a.m.9 views

CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server

The ACL Access Control List of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...

7.5CVSS6.6AI score0.0044EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/08 12:46 a.m.29 views

CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server

The ACL Access Control List of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the...

7.5CVSS8.6AI score0.0044EPSS
Exploits0References2
CVE
CVE
added 2023/08/08 12:46 a.m.64 views

CVE-2023-37491

CVE-2023-37491 concerns an ACL bypass in the SAP Message Server. Affected: SAP Message Server components/versions including KERNEL 7.22, 7.53, 7.54, 7.77 and related RNL64UC/KRNL64NUC variants. Root cause: ACL implementation can be bypassed under certain conditions, enabling an authenticated mali...

8.8CVSS8AI score0.0044EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/08/08 12:0 a.m.4 views

SAP Message Server 授权问题漏洞

SAP Message Server is a message server application from SAP Germany. SAP Message Server is vulnerable to authorization issues, no details of the vulnerability are provided at this time...

8.8CVSS6.7AI score0.0044EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.6 views

PT-2023-4246 · Sap · Sap Message Server

Name of the Vulnerable Software and Affected Versions: SAP Message Server versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT Description: The issue is related to the Access Control List ACL of the SAP Message...

8.8CVSS7.2AI score0.0044EPSS
Exploits0References9
OSV
OSV
added 2023/04/11 3:15 a.m.5 views

CVE-2023-26458

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

8.7CVSS6.7AI score0.00555EPSS
Exploits0References2
NVD
NVD
added 2023/04/11 3:15 a.m.30 views

CVE-2023-26458

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

8.7CVSS6.9AI score0.00555EPSS
Exploits0References2
Prion
Prion
added 2023/04/11 3:15 a.m.26 views

Information disclosure

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

4.7CVSS8AI score0.00555EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/11 2:34 a.m.39 views

CVE-2023-26458 Information Disclosure vulnerability in SAP Landscape Management

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

6.8CVSS8.3AI score0.00555EPSS
Exploits0References2
NVD
NVD
added 2022/10/06 6:15 p.m.31 views

CVE-2022-26235

A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows...

7.8CVSS0.00181EPSS
Exploits0References2
Prion
Prion
added 2022/10/06 6:15 p.m.15 views

Design/Logic Flaw

A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows...

4.3CVSS7.5AI score0.00181EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/10/06 12:0 a.m.58 views

CVE-2022-26235

Affects Beckman Coulter Remisol Advance v2.0.12.1 and earlier. The vulnerability stems from installation-time permissions that allow non-privileged users to overwrite or manipulate executables and libraries that run with SYSTEM privileges on Windows, enabling local privilege escalation. Documente...

7.8CVSS7.5AI score0.00181EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:11 a.m.4 views

com.ahome-it:ahome-tooling-server-core (>=1.0.110-RELEASE <=1.0.114-RELEASE), com.ahome-it:ahome-tooling-server-hazelcast (>=1.0.111-RELEASE <=1.0.112-RELEASE) +45 more potentially affected by CVE-2016-10027 via org.igniterealtime.smack:smack-core (>=4.0.0-rc1 <=4.1.8)

org.igniterealtime.smack:smack-core MAVEN version =4.0.0-rc1, =1.0.110-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =1.0.111-RELEASE, =0.1.3, =0.1.5, =0.0.0.1, =0.0.0.25, =0.1, =1.2.4, =0.2.5, =1.1.9, =1.1.55 and more Source cves: CVE-2016-10027 Source advisory:...

5.9CVSS6.7AI score0.01519EPSS
Exploits0
CNNVD
CNNVD
added 2022/02/22 12:0 a.m.7 views

Trend Micro ServerProtect 安全漏洞

Trend Micro ServerProtect is an enterprise-grade anti-virus program from Trend Micro, Inc. It is used to protect network-connected storage systems and block threats at their source. A security vulnerability exists in Trend Micro ServerProtect that originates from an integer overflow. The...

7.5CVSS8.4AI score0.0305EPSS
Exploits1References6
Cvelist
Cvelist
added 2020/01/23 7:46 p.m.41 views

CVE-2013-1593

A Denial of Service vulnerability exists in the WRITEC function in the msgserver.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN...

7.5AI score0.02388EPSS
Exploits6References5
NVD
NVD
added 2020/01/23 7:15 p.m.29 views

CVE-2013-1592

A Buffer Overflow vulnerability exists in the Message Server service MsJ2EEAddStatistics function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user...

10CVSS9.6AI score0.22612EPSS
Exploits6References6
Prion
Prion
added 2020/01/23 7:15 p.m.19 views

Buffer overflow

A Buffer Overflow vulnerability exists in the Message Server service MsJ2EEAddStatistics function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user...

10CVSS7.6AI score0.22612EPSS
Exploits6References6Affected Software1
Cvelist
Cvelist
added 2020/01/23 6:58 p.m.36 views

CVE-2013-1592

A Buffer Overflow vulnerability exists in the Message Server service MsJ2EEAddStatistics function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user...

9.7AI score0.22612EPSS
Exploits6References6
CVE
CVE
added 2020/01/23 6:58 p.m.146 views

CVE-2013-1592

SAP NetWeaver Message Server contains CVE-2013-1592 (and related CVE-2013-1593) buffer-overflow vulnerabilities in the Message Server module. The flaw resides in _MsJ2EE_AddStatistics(), where the attacker-controlled MSJ2EE_HEADER.serviceid is used to index the global j2ee_stat_services array wit...

10CVSS9.5AI score0.22612EPSS
Exploits6References6Affected Software1
Saint
Saint
added 2019/05/07 12:0 a.m.48 views

SAP Gateway Remote Command Execution

Added: 05/07/2019 Background SAP Gateway is a development framework, which allows non-SAP applications to communicate with SAP applications. Problem SAP Gateway behavior depends on two parameters, aclmode and simmode. If SAP Gateway access control lists ACLs are configured aclmode=0, anonymous...

1.7AI score
Exploits0
Rows per page
Query Builder