Lucene search
K

289 matches found

CNNVD
CNNVD
added 2025/05/13 12:0 a.m.4 views

SAP Landscape Transformation 安全漏洞

SAP Landscape Transformation is a tool for system data migration and integration from SAP. An authorization issue vulnerability exists in SAP Landscape Transformation that stems from a lack of authorization checks and could be exploited by an attacker to access restricted functionality or data...

7.7CVSS6.7AI score0.00321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.6 views

PT-2025-20814 · Sap · Sap S4Core

Name of the Vulnerable Software and Affected Versions: SAP S4CORE affected versions not specified Description: The issue allows an authenticated attacker to access restricted information due to a missing authorization check in the OData meta-data property. This could cause a low impact on...

4.3CVSS5.8AI score0.00255EPSS
Exploits0References5
Hacker One
Hacker One
added 2025/04/20 6:56 p.m.1260 views

Dust: Unauthorized Table Creation by Member

A member user was able to create tables inside restricted company data spaces, despite the UI indicating that only workspace builders admins should be allowed. The "Add Data" button appeared disabled in the UI, but it was still interactable and functional, allowing the member to successfully crea...

6.9AI score
Exploits0
OSV
OSV
added 2025/03/11 3:27 p.m.6 views

GHSA-6FFG-MJG7-585X Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Impact An improper API access control issue has been identified, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. Patches Will be patched in 14.3.3 and 15.2.3. Workarounds None available...

4.3CVSS6.4AI score0.00298EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/24 12:0 a.m.7 views

Metabase 安全漏洞

Metabase is an open source data analytics platform from the US-based Metabase Inc. A security vulnerability exists in Metabase Enterprise Edition. An attacker exploiting the vulnerability could view data that should not be accessible. The following versions are affected: version 1.47.0 through...

6.5CVSS6.5AI score0.00336EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/05 2:38 p.m.8 views

CVE-2020-6271

SAP Solution Manager Problem Context Manager, version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data files visible for technical administration users of the diagnostics agent...

8.2CVSS6.8AI score0.01161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/26 12:0 a.m.7 views

PT-2025-2749 · Unknown · Develocity

Name of the Vulnerable Software and Affected Versions: Develocity versions 2023.3.X through 2023.4.X Develocity versions 2023.3.X through 2024.1.7 Develocity versions 2023.4.X through 2024.1.7 Develocity versions prior to 2024.1.8 Description: The issue arises from incorrect access control in...

7.1CVSS7.1AI score0.00333EPSS
Exploits0References9
OSV
OSV
added 2025/01/14 1:15 a.m.4 views

CVE-2025-0058

In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the...

6.5CVSS5.8AI score0.00324EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/01/13 12:0 a.m.5 views

SAP NetWeaver AS 安全漏洞

SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides web services, but is also the basic platform for SAP software. A security vulnerability exists in SAP NetWeaver AS for ABAP that stems from weak access control and allows an attacker to access restricted...

9.9CVSS8.9AI score0.00553EPSS
Exploits0References1
OSV
OSV
added 2024/12/10 1:15 a.m.6 views

CVE-2024-32732

Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application...

5.3CVSS5.8AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2024/10/14 5:15 p.m.2 views

CVE-2024-45732

In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform versions below 9.2.2403.103, 9.1.2312.200, 9.1.2312.110 and 9.1.2308.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a search as the "nobody" Splunk use...

6.5CVSS5.8AI score0.00397EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/14 12:0 a.m.2 views

Splunk Enterprise和Splunk Cloud Platform 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk...

7.1CVSS6.6AI score0.00397EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/01 12:0 a.m.5 views

eLabFTW 访问控制错误漏洞

eLabFTW is an open source experimental data hosting platform from eLabFTW Open Source. The platform runs on Linux systems and supports storing a wide range of objects. An access control error vulnerability exists in eLabFTW that stems from the presence of incorrect privilege checking that allows ...

7.5CVSS6.7AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2024/09/20 11:9 a.m.3 views

OESA-2024-2164 three-eight-nine-ds-base security update

389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed...

7.5CVSS6.8AI score0.01394EPSS
Exploits0References3
CVE
CVE
added 2024/09/10 4:28 a.m.41 views

CVE-2024-44121

The CVE-2024-44121 entry describes an information-disclosure vulnerability in SAP S/4HANA Statutory Reports that, under certain conditions, allows a user with basic privileges to access restricted internal data. Affected software is SAP S/4HANA (Statutory Reports) with confidentiality impact note...

4.3CVSS4.5AI score0.00292EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.4 views

SAP S/4 HANA 安全漏洞

SAP S/4 HANA is an intelligent, integrated ERP software for large enterprises from SAP, Germany. A security vulnerability exists in SAP S/4 HANA that stems from the fact that, under certain circumstances, legal reports in SAP S/4 HANA allow an attacker with basic privileges to access information...

4.3CVSS6.4AI score0.00292EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.5 views

Ivanti EPM 安全漏洞

Ivanti EPM is a one-stop shop for managing user profiles and all client devices from Ivanti USA. A security vulnerability exists in Ivanti EPM that stems from a weak authentication issue contained in the patch management. An authenticated remote attacker could exploit the vulnerability to gain...

8.8CVSS9.1AI score0.01083EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/09 12:0 a.m.4 views

PT-2024-30962 · Sap · Sap S/4Hana

Name of the Vulnerable Software and Affected Versions: SAP S/4 HANA affected versions not specified Description: The issue allows an attacker with basic privileges to access restricted information under certain conditions in Statutory Reports. This could expose internal user data that should rema...

4.3CVSS6.8AI score0.00292EPSS
Exploits0References6
OSV
OSV
added 2024/09/04 3:40 p.m.6 views

DRUPAL-CONTRIB-2024-035

This module enables you to "clone" a content entity, i.e. to create a new content pre-filled with data from another entity of the same type and bundle. The module doesn't properly check the user access to the original entity, allowing users to create a new entity they have permission to create...

4.3CVSS6.7AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2024/09/04 6:15 a.m.29 views

CVE-2024-34651

Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files...

6.2CVSS0.00129EPSS
Exploits0References1
Rows per page
Query Builder