12 matches found
EUVD-2019-1066
Malware in sbrugna...
CVE-2025-42993 Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement)
Due to a missing authorization check vulnerability in SAP S/4HANA Enterprise Event Enablement, an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the attacker to consume events via the RFC...
CVE-2025-42993
Summary: CVE-2025-42993 affects SAP S/4HANA (Enterprise Event Enablement). A missing authorization check allows an attacker with access to Inbound Binding Configuration to create an RFC destination and assign a high-privilege user, enabling code execution under that user’s privileges. Impact is l...
CVE-2019-0293
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...
CVE-2024-45283
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data...
CVE-2024-45283 Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data...
CVE-2024-45283 Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data...
CVE-2019-0293
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...
Authorization
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...
CVE-2019-0293
CVE-2019-0293 concerns the SAP ST-PI component where a read of an RFC destination may skip necessary authorization checks, enabling a local escalation of privileges to view information on RFC destinations on managed systems and SAP Solution Manager. Affected are ST-PI versions prior to 2008_1_700...
CVE-2019-0293
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...
CVE-2019-0279
ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...