
19 matches found

CVE
added 2026/04/14 12:6 a.m. | 4 views

CVE-2026-27672

CVE-2026-27672 affects the Material Master application. The issue is that authenticated users can execute reports without proper authorization checks, leading to disclosure of sensitive information. According to the sources, impact on confidentiality is low; integrity and availability are not aff...

4.3 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 2
EUVD
added 2026/04/14 12:6 a.m. | 0 views

EUVD-2026-22142

The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...

4.3 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/04/14 12:6 a.m. | 1 view

CVE-2026-27672

The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...

4.3 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2026/04/14 12:0 a.m. | 2 views

SAP Material Master Security Vulnerability

SAP Material Master is a corporate materials data management and maintenance system developed by the German company SAP. There is a security vulnerability in SAP Material Master; this vulnerability arises from the lack of mandatory authorization checks during report execution, which may lead to t...

4.3 CVSS | 5.8 AI score | 0.00032 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-10389

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.00598 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-18870

Malicious code in bioql PyPI...

10 CVSS | 6.6 AI score | 0.00376 EPSS
Exploits 0 | References 1
Cvelist
added 2025/06/23 12:48 p.m. | 7 views

CVE-2025-6512 Scripts within reports executable on BRAIN2 Server

On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights...

10 CVSS | 0.00376 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 9:30 p.m. | 3 views

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...

6.5 CVSS | 6.9 AI score | 0.00475 EPSS
Exploits 2 | References 1
Cvelist
added 2024/12/06 5:45 p.m. | 23 views

CVE-2024-11220 Open Automation Software Incorrect Execution-Assigned Permissions

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation...

8.5 CVSS | 0.00089 EPSS
Exploits 0 | References 2
CNNVD
added 2024/02/03 12:0 a.m. | 1 view

HCL Technologies HCL BigFix Platform Cross-Site Scripting Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A cross-site scripting vulnerability exists in HCL BigFix Platform, which stems...

6.5 CVSS | 6.3 AI score | 0.00281 EPSS
Exploits 0 | References 2
NVD
added 2021/06/09 2:15 p.m. | 15 views

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...

6.5 CVSS | 0.00475 EPSS
Exploits 2 | References 4
OSV
added 2021/06/09 2:15 p.m. | 1 view

CVE-2021-21473

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver AB...

6.3 CVSS | 7.4 AI score
Exploits 0 | References 4
CVE
added 2021/06/09 1:23 p.m. | 55 views

CVE-2021-21473

CVE-2021-21473 affects SAP NetWeaver AS ABAP and ABAP Platform versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755. The issue is in function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user, allowing an unauthorized user to execute r...

6.5 CVSS | 7 AI score | 0.00475 EPSS
Exploits 2 | References 4 | Affected Software 1
Prion
added 2017/07/21 8:29 p.m. | 13 views

Design/Logic Flaw

Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866...

6.5 CVSS | 8.2 AI score | 0.00598 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2017/07/21 8:29 p.m. | 1 view

CVE-2017-1373

Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866...

8.8 CVSS | 5.9 AI score
Exploits 0 | References 3
CVE
added 2017/07/21 8:0 p.m. | 48 views

CVE-2017-1373

CVE-2017-1373 affects IBM TRIRIGA Application Platform 3.3 to 3.5, enabling an authenticated user to run a report they should not access (privilege escalation). The IBM Security Bulletin confirms the impact and lists affected versions: 3.3.0–3.3.2.x, 3.4.0–3.4.2.x, 3.5.0–3.5.2.x, with CVSS v3.0 b...

8.8 CVSS | 8.3 AI score | 0.00598 EPSS
Exploits 0 | References 3 | Affected Software 1
myhack58
added 2015/04/30 12:0 a.m. | 13 views

Oracle Reports Server Unauthorized Report Execution Vulnerability

Affected system: Oracle Reports 9i Oracle Reports 6i 6.0.8.19 Oracle Reports 6i 6.0.8 Oracle Reports 6 Oracle Reports 10g 9.0.4.3.3 Oracle Reports 10g 9.0.4 Oracle Reports 10g 9.0.3 Oracle Reports 10g 9.0.2 Oracle Reports 10g 9.0.1 Oracle Reports 10g 9.0 Description:...

1.9 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 43 views

Oracle Reports Server 6.0.8/9.0.x Unauthorized Report Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14316/info Oracle Reports Server is susceptible to an unauthorized report execution vulnerability. By placing a report file in a globally accessible location, users can trigger the execution of the report by issuing an HT...

7.1 AI score
Exploits 0
Exploit DB
added 2005/07/19 12:0 a.m. | 46 views

Oracle Reports Server 6.0.8/9.0.x - Unauthorized Report Execution

source: https://www.securityfocus.com/bid/14316/info Oracle Reports Server is susceptible to an unauthorized report execution vulnerability. By placing a report file in a globally accessible location, users can trigger the execution of the report by issuing an HTTP GET request to the affected...

7.4 AI score
Exploits 0