CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47484 – Dell Avamar Web Restore Login Action SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-47484
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-52538 – Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-52538
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. • https://www.dell.com/support/kbdoc/en-us/000258636/dsa-2024-489-security-update-for-dell-avamar-and-dell-avamar-virtual-edition-security-update-for-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 0%CPEs: 7EXPL: 0CVE-2024-37144
https://notcve.org/view.php?id=CVE-2024-37144
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster. • https://www.dell.com/support/kbdoc/en-us/000258342/dsa-2024-405-security-update-for-dell-products-for-multiple-vulnerabilities • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54198 – Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
https://notcve.org/view.php?id=CVE-2024-54198
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application. • https://me.sap.com/notes/3469791 https://url.sap/sapsecuritypatchday • CWE-914: Improper Control of Dynamically-Identified Variables •
CVSS: 2.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-47577 – Information Disclosure vulnerability in SAP Commerce Cloud
https://notcve.org/view.php?id=CVE-2024-47577
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. • https://me.sap.com/notes/3535451 https://url.sap/sapsecuritypatchday • CWE-319: Cleartext Transmission of Sensitive Information •