CVE-2023-40728
https://notcve.org/view.php?id=CVE-2023-40728
This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. • https://cert-portal.siemens.com/productcert/pdf/ssa-147266.pdf • CWE-922: Insecure Storage of Sensitive Information
CVE-2022-24093 – Adobe Commerce post-auth improper input validation leads to remote code execution
https://notcve.org/view.php?id=CVE-2022-24093
Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. • https://helpx.adobe.com/security/products/magento/apsb22-13.html • CWE-20: Improper Input Validation
CVE-2023-3039
https://notcve.org/view.php?id=CVE-2023-3039
A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. • https://www.dell.com/support/kbdoc/en-us/000216282/dsa-2023-274 • CWE-284: Improper Access Control
CVE-2023-40621 – Code Injection vulnerability in SAP PowerDesigner Client
https://notcve.org/view.php?id=CVE-2023-40621
SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default. • https://me.sap.com/notes/3357163 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-40624 – Code Injection vulnerability in SAP NetWeaver AS ABAP (applications based on Unified Rendering)
https://notcve.org/view.php?id=CVE-2023-40624
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application. • https://me.sap.com/notes/3323163 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')