21395 matches found
CVE-2026-23681
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
CVE-2026-23681
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
CVE-2026-24327
The CVE concerns SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages) where a missing authorization check allowed an authenticated attacker to access information they should not view. The vulnerability impacts confidentiality with a LOW effect (C:L, I:N, A:N) and does...
CVE-2026-24326 Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)
Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on...
CVE-2026-24322 Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability...
CVE-2026-24322 Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability...
CVE-2026-24312 Missing authorization check in SAP Business Workflow
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data...
CVE-2026-23688 Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted...
CVE-2026-23688 Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted...
CVE-2026-23681 Missing Authorization check in a function module in SAP Support Tools Plug-In
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
CVE-2026-23681 Missing Authorization check in a function module in SAP Support Tools Plug-In
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
CVE-2026-0509 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...
CVE-2026-0509 Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required SRFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the...
CVE-2026-0486 Missing Authorization Check in ABAP based SAP systems
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted...
CVE-2026-0484
CVE-2026-0484 affects SAP NetWeaver Application Server ABAP and SAP S/4HANA. The root cause is a missing authorization check that enables an authenticated attacker to access a specific transaction code and modify text data, impacting integrity (I: High) while confidentiality and availability rema...
CVE-2026-0484 Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the...
CVE-2026-0484 Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the...
Missing Authorization
Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authorization in the scheduler endpoint. An attacker can gain unauthorized access to create, modify, or delete schedules by sending crafted...
Missing Authorization
Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authorization in the scheduler endpoint. An attacker can gain unauthorized access to create, modify, or delete schedules by sending crafted requests t...
Fortinet FortiAuthenticator 安全漏洞
Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. Vulnerabilities exist in versions 6.6.0 to 6.6.6, 6.5 all versions, 6.4 all versions, and 6.3 all versions of FortiAuthenticator. These vulnerabilities stem from the lack of...