8 matches found
CVE-2021-33693
CVE-2021-33693 affects SAP Cloud Connector, version 2.0. An authenticated administrator can modify a configuration file to inject malicious code, potentially enabling OS command execution. The issue arises from insecure config handling where the admin’s configuration changes can be abused to run ...
CVE-2019-0246
The vulnerability CVE-2019-0246 affects the SAP Cloud Connector prior to version 2.11.3. The root cause is that certain functionalities requiring user identity do not perform authentication checks, enabling potential unauthorized actions. Impact is high: exposed confidentiality, integrity, and av...
CVE-2021-33692
SAP Cloud Connector (v2.0) contains a path traversal vulnerability exploited via uploaded backup ZIPs. The issue allows crafting backups containing sequences like .. and / to escape the restricted directory and access files or directories outside the intended location. Multiple connected sources ...
CVE-2021-33695
CVE-2021-33695 affects SAP Cloud Connector 2.0, where backend communication may accept certificates with insufficient validation, creating a trust‑management risk and potential certificate authentication bypass. Multiple sources (NVD, Red Hat, CNVD/CNNVD) corroborate; exploitation status not spec...
CVE-2024-25642
CVE-2024-25642 affects SAP Cloud Connector 2.0, where improper validation of certificates can allow an attacker to impersonate legitimate servers and break mutual authentication, enabling interception of requests to view/modify sensitive data. The vulnerability impacts confidentiality and integri...
CVE-2019-0247
SAP Cloud Connector is affected by a code-injection vulnerability in versions prior to 2.11.3. The root cause is an injectable code path that can be executed by an attacker, allowing them to control the application's behavior. Remediation: upgrade to version 2.11.3 or later (vendor SAP guidance)....
CVE-2021-33694
CVE-2021-33694 affects SAP Cloud Connector version 2.0. The issue stems from insufficient encoding of user-controlled inputs, enabling an attacker with Administrator rights to inject code that is stored in the database and later executed in the application, resulting in a Stored Cross-Site Script...
CVE-2023-49578
CVE-2023-49578 concerns SAP Cloud Connector 2.0. An authenticated, low-privilege user can trigger a Denial of Service from an adjacent UI by sending a crafted malicious request, resulting in low availability impact and no effect on confidentiality or integrity. Several connected sources describe thi...