CVE-2024-42371 – Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-42371
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application. • https://me.sap.com/notes/3488039 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •
CVE-2024-42373 – Missing Authorization Check in SAP Student Life Cycle Management (SLcM)
https://notcve.org/view.php?id=CVE-2024-42373
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application. • https://me.sap.com/notes/3479293 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •
CVE-2024-41736 – Information Disclosure vulnerability in SAP Permit to Work
https://notcve.org/view.php?id=CVE-2024-41736
Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. • https://me.sap.com/notes/3475427 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-41731 – Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-41731
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-28166 – Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-28166
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •