229 matches found
CVE-2020-6204
The selection query in SAP Treasury and Risk Management Transaction Management EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104 returns more records than it should be when selecting and displaying the contract number, leading to Missing...
CVE-2020-6199
The view FIMENAVCOMPCERT in SAP ERP MENA Certificate Management, EAPPGLO version 607, SAPFIN versions- 618, 730 and SAP S/4HANA MENA Certificate Management, S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization grou...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.11.6: Fix missing authorization check on pull for public repos of private/limited org 11656 11683 Use session for retrieving org teams 11438 11439...
CVE-2020-6188
VAT Pro-Rata reports in SAP ERP SAPAPPL versions 600, 602, 603, 604, 605, 606, 616 and SAPFIN versions 617, 618, 700, 720, 730 and SAP S/4 HANA versions 100, 101, 102, 103, 104 do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check...
CVE-2020-6183
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details,...
Authorization
VAT Pro-Rata reports in SAP ERP SAPAPPL versions 600, 602, 603, 604, 605, 606, 616 and SAPFIN versions 617, 618, 700, 720, 730 and SAP S/4 HANA versions 100, 101, 102, 103, 104 do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check...
Authorization
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details,...
CVE-2020-6183
CVE-2020-6183 affects SAP Host Agent, version 7.21. The connected documents describe a vulnerability in which an unprivileged user can read or write the shared memory by sending a request to the main SAPOSCOL process, potentially exposing data such as directory sizes and hardware/OS details due t...
CVE-2020-6183
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details,...
CVE-2020-6188
The CVE-2020-6188 issue affects SAP ERP (SAP_APPL 600–606, 616; SAP_FIN 617–618, 700, 720, 730) and SAP S/4HANA (100–104). The root cause is missing authorization checks for an authenticated user, as described across multiple sources. This results in a Missing Authorization Check vulnerability wi...
CVE-2020-8772
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwpmmbsetrequest in init.php. Any attacker who knows the username of an administrator can log in...
Information leak through broken access control in Jira Server and Data Center - CVE-2019-20407
The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation check...
Atlassian JIRA < 7.13.12 / 8.x < 8.4.3 / 8.5.x < 8.5.2 Authorization Bypass (JRASERVER-70405)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to 7.13.12, 8.x prior to 8.4.3, or 8.5.x prior to 8.5.2 / 8.6.0. It is, therefore, affected by an authorization bypass vulnerability. The vulnerability exists in the...
CVE-2019-0367
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
CVE-2019-0367
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005
The Atlassian Troubleshooting and Support Tools ATST plugin prior to version 1.17.2 which was used in Crowd & Crowd Data Center before version 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization...
Authorization
SAP Kernel ABAP Debugger, versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to...
CVE-2018-20826
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...
CVE-2019-3399
The BrowseProjects.jspa resource in Jira before version 7.13.2, and from version 8.0.0 before version 8.0.2 allows remote attackers to see information for archived projects through a missing authorisation check...
SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2018:2564-1)
This update for postgresql10 fixes the following issues : PostgreSQL 10 was updated to 10.5 : https://www.postgresql.org/about/news/1851/ https://www.postgresql.org/docs/current/static/release-10-5.html A dump/restore is not required for those running 10.X. However, if you use the adminpack...