CVE-2023-40622 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management)
https://notcve.org/view.php?id=CVE-2023-40622
SAP BusinessObjects Business Intelligence Platform (Promotion Management), versions 420 and 430, under certain conditions allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application, causing high impact on confidentiality, integrity, and availability. • https://me.sap.com/notes/3320355 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2023-37489 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Version Management System)
https://notcve.org/view.php?id=CVE-2023-37489
Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System), version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. • https://me.sap.com/notes/3352453 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-209: Generation of Error Message Containing Sensitive Information
CVE-2023-42090 – Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42090
Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. • https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-23-1423 • CWE-125: Out-of-bounds Read
CVE-2023-42095 – Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42095
Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. • https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-23-1428 • CWE-125: Out-of-bounds Read
CVE-2023-36777 – Microsoft Exchange Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-36777
Microsoft Exchange Server Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777 • CWE-502: Deserialization of Untrusted Data