Cross-site request forgery (CSRF)
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the...
CVE-2024-22133 Improper Access Control in SAP Fiori Front End Server
SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the...
CVE-2024-25643
The SAP Fiori app My Overtime Request - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to...
CVE-2024-25643
CVE-2024-25643 affects the SAP Fiori app “My Overtime Request” (version 605). The issue is missing authorization checks for authenticated users, enabling potential privilege escalation by manipulating data-request URLs to access restricted information. The initial description notes no impact to i...
PT-2024-3864 · Sap · Sap Fiori App
Name of the Vulnerable Software and Affected Versions: SAP Fiori app My Overtime Request version 605. Description: The issue is related to the absence of necessary authorization checks for authenticated users, which may lead to an escalation of privileges. It is possible to manipulate the URLs of...
Authorization
SAP HCM Fiori App My Forms Fiori 2.0 - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data...
CVE-2023-1903
CVE-2023-1903 affects SAP HCM Fiori App My Forms (Fiori 2.0) version 605. The underlying issue is missing authorization checks for an authenticated user, which can expose restricted header data. Sources consistently describe the affected software and the root cause as a lack of proper access cont...
Janitza UMG Arbitrary File Read/Write Vulnerability
The Janitza UMG is an online power quality monitor for the energy industry from Janitza Germany. An arbitrary file read/write vulnerability exists in Janitza UMG 508, 509, 511, 604, 605. This allows remote attackers to read or write files, or execute arbitrary JASIC code via a session with TCP por...