
15 matches found

RedhatCVE
added 2026/01/09 9:21 a.m., 12 views

CVE-2021-41251

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...

5.9 CVSS, 6.6 AI score, 0.01657 EPSS
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2021-2349

Malware in sbrugna...

5.9 CVSS, 5.7 AI score, 0.01657 EPSS
Exploits: 1, References: 6

vulnersOsv
added 2023/12/12 3:31 a.m., 7 views

@sap-cloud-sdk/core (>=1.48.2-20210910061518.0 <=1.49.1-20210922143656.0), @sap/approuter (>=5.1.0 <=14.4.1) +12 more potentially affected by CVE-2023-49583 via @sap/xssec (>=1.3.0 <=3.5.0)

@sap/xssec NPM version =1.3.0, =1.48.2-20210910061518.0, =5.1.0, =2.2.3, =3.2.0, =0.0.2, =1.9.14, =1.14.1, =2.0.5, =1.0.0, =1.202002.1, =1.1.0, =0.1.92, =0.1.0, =0.4.1 Source cves: CVE-2023-49583 Source advisory: OSV:GHSA-P2VX-QJ66-88Q3...

9.8 CVSS, 7.2 AI score, 0.01085 EPSS
Exploits: 0

OSV
added 2023/03/14 6:30 a.m., 5 views

GHSA-XXHH-59GH-6FFX SAP Cloud SDK for AI Python has OS Command Injection when Program Objects Execution is Enabled

SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...

8.8 CVSS, 8.1 AI score, 0.00926 EPSS
Exploits: 0, References: 5

vulnersOsv
added 2021/11/10 4:51 p.m., 5 views

@enel/tgx-ptw-parametrica (=1.0.0), @sap/cds (>=3.34.1 <=3.34.3) +15 more potentially affected by CVE-2021-41251 via @sap-cloud-sdk/core (>=1.18.1 <=1.46.0)

@sap-cloud-sdk/core NPM version =1.18.1, =3.34.1, =1.6.2, =1.1.0, =0.3.7, =1.0.3, =0.1.0, =1.0.0, =1.0.5, =1.202002.1, =1.202004.3 - nikhilesh-model =1.0.0 - opm-dynamic-model =1.0.0 and more Source cves: CVE-2021-41251 Source advisory: OSV:GHSA-GP2F-254M-RH32...

5.9 CVSS, 6.2 AI score, 0.01657 EPSS
Exploits: 1

OSV
added 2021/11/10 4:51 p.m., 19 views

GHSA-GP2F-254M-RH32 Unauthorized access to data in @sap-cloud-sdk/core

Impact: This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its...

5.9 CVSS, 5.6 AI score, 0.01657 EPSS
Exploits: 1, References: 5

NVD
added 2021/11/05 11:15 p.m., 11 views

CVE-2021-41251

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...

5.9 CVSS, 0.01657 EPSS
Exploits: 1, References: 3

OSV
added 2021/11/05 11:15 p.m., 19 views

CVE-2021-41251

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...

5.9 CVSS, 6.6 AI score
Exploits: 0, References: 3

Prion
added 2021/11/05 11:15 p.m., 19 views

Design/Logic Flaw

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...

2.6 CVSS, 5.6 AI score, 0.01657 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2021/11/05 10:50 p.m., 57 views

CVE-2021-41251

The vulnerability CVE-2021-41251 affects the SAP Cloud SDK core used in SAP Business Technology Platform apps, specifically when destination caching is enabled. The root cause is that, in certain versions, cached destinations could be stored without user identity information, allowing other users...

5.9 CVSS, 5.6 AI score, 0.01657 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2021/11/05 10:50 p.m., 18 views

CVE-2021-41251 Possibility to elevate privileges or get unauthorized access to data

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...

5.9 CVSS, 5.9 AI score, 0.01657 EPSS
Exploits: 1, References: 3

OSV
added 2020/09/03 3:54 p.m., 11 views

GHSA-R2VW-JGQ9-JQX2 Improper Authorization in @sap-cloud-sdk/core

Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated JWT...

7 AI score
Exploits: 0, References: 1

Github Security Blog
added 2020/09/03 3:54 p.m., 24 views

Improper Authorization in @sap-cloud-sdk/core

Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated JWT...

4.1 AI score
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2020/06/18 6:27 a.m., 13 views

Insecure JWT Validation

@sap-cloud-sdk/core does not properly validate JWT. The function verifyJwt fails to filter the URL to obtain the public verification key for the JWT, accepting any URL belonging to a manipulated JWT...

1.5 AI score
Exploits: 0

Node.js
added 2020/06/17 8:18 p.m., 17 views

Improper Authorization

Overview: Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated...

6.4 AI score
Exploits: 0, Affected Software: 1