EUVD-2011-4625

Malware in sbrugna...

CVE-2025-27437 Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further...

CVE-2025-27437 Missing Authorization check in SAP NetWeaver Application Server ABAP (Virus Scan Interface)

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further...

CVE-2025-27437

CVE-2025-27437 affects SAP NetWeaver Application Server ABAP, specifically the Virus Scanner Interface. The vulnerability is a missing authorization check that allows an attacker authenticated as a non-administrative user to initiate a transaction and access but not modify non-sensitive data, wit...

Vulnerability fixed in Trend Micro products

Trend Micro has fixed a vulnerability in products that use the Virus Scan API VSAPI and/or the Advanced Threat Scan Engine ATSE. The vulnerability allows an unauthenticated remote malicious party capable of causing a denial-of-service cause. Trend Micro has released updates for numerous products ...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the 1 instname parameter to the VsiTestScan servlet and 2 name parameter to the VsiTestServlet servlet...