CVE-2024-32732 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform
https://notcve.org/view.php?id=CVE-2024-32732
Under certain conditions, SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted. This has low impact on Confidentiality with no impact on Integrity and Availability of the application. • https://me.sap.com/notes/3524933 https://url.sap/sapsecuritypatchday • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2024-55550
https://notcve.org/view.php?id=CVE-2024-55550
A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. • https://www.mitel.com/support/security-advisories https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 • CWE-125: Out-of-bounds Read •
CVE-2024-49603
https://notcve.org/view.php?id=CVE-2024-49603
A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-in/000256645/dsa-2024-453-security-update-for-dell-powerscale-onefs-multiple-security-vulnerabilities • CWE-687: Function Call With Incorrectly Specified Argument Value •
CVE-2024-7875 – XSS in Tungsten Automation TotalAgility
https://notcve.org/view.php?id=CVE-2024-7875
Tungsten Automation (Kofax) TotalAgility in all versions through 7.9.0.25.0.954 is vulnerable to Reflected XSS attacks through manipulation of the mfpScreenResolutionWidth parameter in a form sent to the endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx. This allows injection of malicious JavaScript code, leading to a possible information leak. Exploitation is possible only with POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack. • https://cert.pl/en/posts/2024/12/CVE-2024-7874 https://cert.pl/posts/2024/12/CVE-2024-7874 https://www.tungstenautomation.com/products/totalagility • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-7874 – XSS in Tungsten Automation TotalAgility
https://notcve.org/view.php?id=CVE-2024-7874
Tungsten Automation (Kofax) TotalAgility in all versions through 7.9.0.25.0.954 is vulnerable to Reflected XSS attacks through manipulation of the mfpConnectionId parameter in a form sent to the endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" and "/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx". This allows injection of malicious JavaScript code, leading to a possible information leak. Exploitation is possible only with POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack. • https://cert.pl/en/posts/2024/12/CVE-2024-7874 https://cert.pl/posts/2024/12/CVE-2024-7874 https://www.tungstenautomation.com/products/totalagility • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •