17 matches found
CVE-2023-29112
The SAP Application Interface Message Monitoring - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limite...
CVE-2023-29109
The SAP Application Interface Framework Message Dashboard - versions AIF 703, AIFX 702, S4CORE 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints...
EUVD-2023-32715
Malicious code in bioql PyPI...
EUVD-2023-32712
Malicious code in bioql PyPI...
EUVD-2024-19352
Malicious code in bioql PyPI...
EUVD-2023-32713
Malicious code in bioql PyPI...
CVE-2023-29110
The SAP Application Interface Message Dashboard - versions AIF 703, AIFX 702, S4CORE 100, 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker...
CVE-2024-21737
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on...
CVE-2024-21737 Code Injection vulnerability in SAP Application Interface Framework (File Adapter)
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on...
SAP Application Interface Framework Cross-Site Scripting Vulnerability
SAP Application Interface Framework SAP AIF is a German SAP SAP company's application program interface framework. A security vulnerability exists in the SAP Application Interface Framework that stems from the application allowing the use of HTML markup, which can be exploited by an attacker to...
CVE-2023-29109
The SAP Application Interface Framework Message Dashboard - versions AIF 703, AIFX 702, S4CORE 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints...
CVE-2023-29112 Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring)
The SAP Application Interface Message Monitoring - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limite...
CVE-2023-29111 Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)
The SAP AIF ODATA service - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application...
CVE-2023-29110 Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)
The SAP Application Interface Message Dashboard - versions AIF 703, AIFX 702, S4CORE 100, 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker...
CVE-2023-29109 Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)
The SAP Application Interface Framework Message Dashboard - versions AIF 703, AIFX 702, S4CORE 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints...
CVE-2023-29109 Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard)
The SAP Application Interface Framework Message Dashboard - versions AIF 703, AIFX 702, S4CORE 101, SAPBASIS 755, 756, SAPABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints...
SAP Application Interface Framework 跨站脚本漏洞
SAP Application Interface Framework SAP AIF is an application interface framework from SAP, Germany. A security vulnerability exists in SAP Application Interface Framework ODATA service versions 600 and 700, which allows an authorized attacker to enter a link or title with custom CSS classes into...