Page 5 of 1509 results (0.007 seconds)

CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application. • https://me.sap.com/notes/3468102 https://url.sap/sapsecuritypatchday • CWE-284: Improper Access Control •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. • https://me.sap.com/notes/3487537 https://url.sap/sapsecuritypatchday • CWE-918: Server-Side Request Forgery (SSRF) •