CVE-2023-27893 – Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)
https://notcve.org/view.php?id=CVE-2023-27893
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable. • https://launchpad.support.sap.com/#/notes/3296476 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-25616 – Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
https://notcve.org/view.php?id=CVE-2023-25616
In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. • https://launchpad.support.sap.com/#/notes/3245526 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2023-27581 – github-slug-action vulnerable to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-27581
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0` and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. This can be used to execute code on the GitHub runners and to exfiltrate any secrets one uses in the CI pipeline. • https://github.com/rlespinasse/github-slug-action/commit/102b1a064a9b145e56556e22b18b19c624538d94 https://github.com/rlespinasse/github-slug-action/releases/tag/v4.4.1 https://github.com/rlespinasse/github-slug-action/security/advisories/GHSA-6q4m-7476-932w https://securitylab.github.com/research/github-actions-untrusted-input • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-0888 – Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi
https://notcve.org/view.php?id=CVE-2023-0888
An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks • https://www.bbraun.com/productsecurity https://www.bbraunusa.com/productsecurity • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2023-1367 – Code Injection in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2023-1367
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/453c6e130229718680c91bef450db643a0f263e4 https://huntr.dev/bounties/16bc74e2-1825-451f-bff7-bfdc1ea75cc2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •