CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29111 – Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)
https://notcve.org/view.php?id=CVE-2023-29111
The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application. • https://launchpad.support.sap.com/#/notes/3117978 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28765 – Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Promotion Management )
https://notcve.org/view.php?id=CVE-2023-28765
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application. • https://launchpad.support.sap.com/#/notes/3298961 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26458 – Information Disclosure vulnerability in SAP Landscape Management
https://notcve.org/view.php?id=CVE-2023-26458
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system. • https://launchpad.support.sap.com/#/notes/3312733 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2023-28267 – Remote Desktop Protocol Client Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-28267
Remote Desktop Protocol Client Information Disclosure Vulnerability This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28267 • CWE-126: Buffer Over-read •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-30076 – ENTAB ERP 1.0 - Username PII leak
https://notcve.org/view.php?id=CVE-2022-30076
ENTAB ERP version 1.0 suffers from a username information leak due to a lack of rate limiting. • https://www.exploit-db.com/exploits/51335 http://packetstormsecurity.com/files/171777/ENTAB-ERP-1.0-Information-Disclosure.html •