CVE-2024-21734 – URL Redirection vulnerability in SAP Marketing (Contacts App)
https://notcve.org/view.php?id=CVE-2024-21734
09 Jan 2024 — SAP Marketing (Contacts App), version 160, allows an attacker with low privileges to trick a user into opening a malicious page, which could lead to a very convincing phishing attack with low impact on the confidentiality and integrity of the application. • https://me.sap.com/notes/3190894 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-6320
https://notcve.org/view.php?id=CVE-2020-6320
09 Sep 2020 — SAP Marketing (Servlet), versions 130, 140, 150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of the payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data, which impacts the confidentiality and integrity of data in the application. • https://launchpad.support.sap.com/#/notes/2961991
CVE-2018-2486
https://notcve.org/view.php?id=CVE-2018-2486
11 Dec 2018 — SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. • http://www.securityfocus.com/bid/106171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')