17 matches found
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
EUVD-2017-18544
Malware in sbrugna...
EUVD-2022-38181
Malicious code in bioql PyPI...
EUVD-2021-27674
Malicious code in bioql PyPI...
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
Design/Logic Flaw
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
CVE-2022-35291 Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application (Android & iOS)
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
PT-2022-3931 · Sap · Sap Successfactors +1
Name of the Vulnerable Software and Affected Versions: SAP SuccessFactors (affected versions not specified)
Description: The issue is related to misconfigured application endpoints in SAP SuccessFactors attachment APIs, allowing attackers with user privileges to perform activities with admin...
Code injection
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is...
CVE-2021-40498
CVE-2021-40498 affects SAP SuccessFactors Mobile Application for Android (versions older than 2108). The vulnerability arises from Android implementation methods embedded in the app that start when a user views their profile and can observe activities from other background apps, enabling service ...
CVE-2021-40498
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is...
CVE-2017-9613
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality...
Cross site scripting
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality...
CVE-2017-9613
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality...
CVE-2017-9613
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality...
CVE-2017-9613
SAP SuccessFactors (cloud HR suite) is affected by CVE-2017-9613, a Stored Cross-Site Scripting (XSS) vulnerability exploitable via the file upload functionality. The issue affects versions prior to b1705.1234962, where remote authenticated users can inject arbitrary web script or HTML through up...