289 matches found
SAP Landscape Transformation 安全漏洞
SAP Landscape Transformation is a tool for system data migration and integration from SAP. An authorization issue vulnerability exists in SAP Landscape Transformation that stems from a lack of authorization checks and could be exploited by an attacker to access restricted functionality or data...
PT-2025-20814 · Sap · Sap S4Core
Name of the Vulnerable Software and Affected Versions: SAP S4CORE affected versions not specified Description: The issue allows an authenticated attacker to access restricted information due to a missing authorization check in the OData meta-data property. This could cause a low impact on...
Dust: Unauthorized Table Creation by Member
A member user was able to create tables inside restricted company data spaces, despite the UI indicating that only workspace builders admins should be allowed. The "Add Data" button appeared disabled in the UI, but it was still interactable and functional, allowing the member to successfully crea...
GHSA-6FFG-MJG7-585X Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality
Impact An improper API access control issue has been identified, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. Patches Will be patched in 14.3.3 and 15.2.3. Workarounds None available...
Metabase 安全漏洞
Metabase is an open source data analytics platform from the US-based Metabase Inc. A security vulnerability exists in Metabase Enterprise Edition. An attacker exploiting the vulnerability could view data that should not be accessible. The following versions are affected: version 1.47.0 through...
CVE-2020-6271
SAP Solution Manager Problem Context Manager, version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data files visible for technical administration users of the diagnostics agent...
PT-2025-2749 · Unknown · Develocity
Name of the Vulnerable Software and Affected Versions: Develocity versions 2023.3.X through 2023.4.X Develocity versions 2023.3.X through 2024.1.7 Develocity versions 2023.4.X through 2024.1.7 Develocity versions prior to 2024.1.8 Description: The issue arises from incorrect access control in...
CVE-2025-0058
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...
SAP NetWeaver AS 安全漏洞
SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A security vulnerability exists in SAP NetWeaver AS for ABAP that stems from weak access control and allows an attacker to access restricted...
CVE-2024-32732
Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application...
CVE-2024-45732
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk use...
Splunk Enterprise和Splunk Cloud Platform 安全漏洞
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...
eLabFTW 访问控制错误漏洞
eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux systems and supports storing a wide range of objects. An access control error vulnerability exists in eLabFTW that stems from the presence of incorrect privilege checking that allows ...
OESA-2024-2164 three-eight-nine-ds-base security update
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed...
CVE-2024-44121
The CVE-2024-44121 entry describes an information-disclosure vulnerability in SAP S/4HANA Statutory Reports that, under certain conditions, allows a user with basic privileges to access restricted internal data. Affected software is SAP S/4HANA (Statutory Reports) with confidentiality impact note...
SAP S/4 HANA 安全漏洞
SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP, Germany. A security vulnerability exists in SAP S/4 HANA that stems from the fact that, under certain circumstances, legal reports in SAP S/4 HANA allow an attacker with basic privileges to access information...
Ivanti EPM 安全漏洞
Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. A security vulnerability exists in Ivanti EPM that stems from a weak authentication issue contained in the patch management. An authenticated remote attacker could exploit the vulnerability to gain...
PT-2024-30962 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4 HANA affected versions not specified Description: The issue allows an attacker with basic privileges to access restricted information under certain conditions in Statutory Reports. This could expose internal user data that should rema...
DRUPAL-CONTRIB-2024-035
This module enables you to "clone" a content entity, i.e. to create a new content pre-filled with data from another entity of the same type and bundle. The module doesn't properly check the user access to the original entity, allowing users to create a new entity they have permission to create...
CVE-2024-34651
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files...