15 matches found
CVE-2021-41251
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...
EUVD-2021-2349
Malware in sbrugna...
@sap-cloud-sdk/core (>=1.48.2-20210910061518.0 <=1.49.1-20210922143656.0), @sap/approuter (>=5.1.0 <=14.4.1) +12 more potentially affected by CVE-2023-49583 via @sap/xssec (>=1.3.0 <=3.5.0)
@sap/xssec NPM version =1.3.0, =1.48.2-20210910061518.0, =5.1.0, =2.2.3, =3.2.0, =0.0.2, =1.9.14, =1.14.1, =2.0.5, =1.0.0, =1.202002.1, =1.1.0, =0.1.92, =0.1.0, =0.4.1 Source cves: CVE-2023-49583 Source advisory: OSV:GHSA-P2VX-QJ66-88Q3...
GHSA-XXHH-59GH-6FFX SAP Cloud SDK for AI Python has OS Command Injection when Program Objects Execution is Enabled
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
GHSA-GP2F-254M-RH32 Unauthorized access to data in @sap-cloud-sdk/core
Impact: This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its...
@enel/tgx-ptw-parametrica (=1.0.0), @sap/cds (>=3.34.1 <=3.34.3) +15 more potentially affected by CVE-2021-41251 via @sap-cloud-sdk/core (>=1.18.1 <=1.46.0)
@sap-cloud-sdk/core NPM version =1.18.1, =3.34.1, =1.6.2, =1.1.0, =0.3.7, =1.0.3, =0.1.0, =1.0.0, =1.0.5, =1.202002.1, =1.202004.3 - nikhilesh-model =1.0.0 - opm-dynamic-model =1.0.0 and more Source cves: CVE-2021-41251 Source advisory: OSV:GHSA-GP2F-254M-RH32...
CVE-2021-41251
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...
CVE-2021-41251
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...
Design/Logic Flaw
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...
CVE-2021-41251
The vulnerability CVE-2021-41251 affects the SAP Cloud SDK core used in SAP Business Technology Platform apps, specifically when destination caching is enabled. The root cause is that, in certain versions, cached destinations could be stored without user identity information, allowing other users...
CVE-2021-41251 Possibility to elevate privileges or get unauthorized access to data
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...
GHSA-R2VW-JGQ9-JQX2 Improper Authorization in @sap-cloud-sdk/core
Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated JWT...
Improper Authorization in @sap-cloud-sdk/core
Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated JWT...
Insecure JWT Validation
@sap-cloud-sdk/core does not properly validate JWT. The function verifyJwt fails to filter the URL to obtain the public verification key for the JWT, accepting any URL belonging to a manipulated JWT...
Improper Authorization
Overview: Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated...