Lucene search
K
SapCloud Connector

8 matches found

CVE
CVE
added 2021/09/15 6:1 p.m.62 views

CVE-2021-33693

CVE-2021-33693 affects SAP Cloud Connector, version 2.0. An authenticated administrator can modify a configuration file to inject malicious code, potentially enabling OS command execution. The issue arises from insecure config handling where the admin’s configuration changes can be abused to run ...

7.7CVSS6.7AI score0.00522EPSS
CVE
CVE
added 2019/01/08 8:0 p.m.55 views

CVE-2019-0246

The vulnerability CVE-2019-0246 affects the SAP Cloud Connector prior to version 2.11.3. The root cause is that certain functionalities requiring user identity do not perform authentication checks, enabling potential unauthorized actions. Impact is high: exposed confidentiality, integrity, and av...

9.8CVSS9.6AI score0.02744EPSS
CVE
CVE
added 2021/09/15 6:1 p.m.54 views

CVE-2021-33692

SAP Cloud Connector (v2.0) contains a path traversal vulnerability exploited via uploaded backup ZIPs. The issue allows crafting backups containing sequences like .. and / to escape the restricted directory and access files or directories outside the intended location. Multiple connected sources ...

7.5CVSS7.5AI score0.01132EPSS
CVE
CVE
added 2021/09/15 6:1 p.m.53 views

CVE-2021-33695

CVE-2021-33695 affects SAP Cloud Connector 2.0, where backend communication may accept certificates with insufficient validation, creating a trust‑management risk and potential certificate authentication bypass. Multiple sources (NVD, Red Hat, CNVD/CNNVD) corroborate; exploitation status not spec...

9.1CVSS9.2AI score0.00541EPSS
CVE
CVE
added 2024/02/13 2:44 a.m.52 views

CVE-2024-25642

CVE-2024-25642 affects SAP Cloud Connector 2.0, where improper validation of certificates can allow an attacker to impersonate legitimate servers and break mutual authentication, enabling interception of requests to view/modify sensitive data. The vulnerability impacts confidentiality and integri...

7.4CVSS7.4AI score0.00544EPSS
CVE
CVE
added 2019/01/08 8:0 p.m.51 views

CVE-2019-0247

SAP Cloud Connector is affected by a code-injection vulnerability in versions prior to 2.11.3. The root cause is an injectable code path that can be executed by an attacker, allowing them to control the application's behavior. Remediation: upgrade to version 2.11.3 or later (vendor SAP guidance)....

9.8CVSS9.3AI score0.01272EPSS
CVE
CVE
added 2021/09/15 6:1 p.m.48 views

CVE-2021-33694

CVE-2021-33694 affects SAP Cloud Connector version 2.0. The issue stems from insufficient encoding of user-controlled inputs, enabling an attacker with Administrator rights to inject code that is stored in the database and later executed in the application, resulting in a Stored Cross-Site Script...

5.9CVSS4.9AI score0.0045EPSS
CVE
CVE
added 2023/12/12 1:8 a.m.44 views

CVE-2023-49578

CVE-2023-49578 concerns SAP Cloud Connector 2.0. An authenticated, low-privilege user can trigger a Denial of Service from adjacent UI by sending a crafted malicious request, resulting in low availability impact and no effect on confidentiality or integrity. Several connected sources describe thi...

3.5CVSS3.9AI score0.0027EPSS