CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35769 – WordPress Slideshow SE plugin <= 2.5.17 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35769
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS.This issue affects Slideshow SE: from n/a through 2.5.17. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en John West Slideshow SE permite XSS Almacenado. Este problema afecta a Slideshow SE: desde n/a hasta 2.5.17. The Slideshow SE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-34691 – Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)
https://notcve.org/view.php?id=CVE-2024-34691
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system. Administrar archivos de pagos entrantes (F1680) de SAP S/4HANA no realiza las verificaciones de autorización necesarias para un usuario autenticado, lo que resulta en una escalada de privilegios. Como resultado, tiene un alto impacto en la integridad y ningún impacto en la confidencialidad y disponibilidad del sistema. • https://me.sap.com/notes/3466175 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-862: Missing Authorization •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-34684 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)
https://notcve.org/view.php?id=CVE-2024-34684
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read or modify the remote server files. En Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) permite que un atacante autenticado con acceso de administrador en el servidor local acceda a la contraseña de una cuenta local. Como resultado, un atacante puede obtener credenciales de usuario no administrativas, que le permitirán leer o modificar los archivos del servidor remoto. • https://me.sap.com/notes/3441817 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-34690 – Missing Authorization check in SAP Student Life Cycle Management (SLcM)
https://notcve.org/view.php?id=CVE-2024-34690
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted, causing minimal impact on the confidentiality and integrity of the application. SAP Student Life Cycle Management (SLcM) no realiza comprobaciones de autorización adecuadas para los usuarios autenticados, lo que genera una posible escalada de privilegios. Si se explota con éxito, podría permitir a un atacante acceder y editar variantes de informes no confidenciales que normalmente están restringidas, causando un impacto mínimo en la confidencialidad e integridad de la aplicación. • https://me.sap.com/notes/3457265 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-37176 – Missing Authorization check in SAP BW/4HANA Transformation and DTP
https://notcve.org/view.php?id=CVE-2024-37176
SAP BW/4HANA Transformation and Data Transfer Process (DTP) allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks. This results in escalation of privileges. It has no impact on the confidentiality of data but may have low impacts on the integrity and availability of the application. El proceso de transformación y transferencia de datos (DTP) de SAP BW/4HANA permite que un atacante autenticado obtenga niveles de acceso más altos de los que debería tener al explotar controles de autorización inadecuados. Esto da como resultado una escalada de privilegios. • https://me.sap.com/notes/3465455 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-862: Missing Authorization •