CVE-2024-42373 – Missing Authorization Check in SAP Student Life Cycle Management (SLcM)
https://notcve.org/view.php?id=CVE-2024-42373
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation, it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application. • https://me.sap.com/notes/3479293 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization
CVE-2024-41736 – Information Disclosure vulnerability in SAP Permit to Work
https://notcve.org/view.php?id=CVE-2024-41736
Under certain conditions, SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted, causing low impact on the confidentiality of the application. • https://me.sap.com/notes/3475427 https://url.sap/sapsecuritypatchday • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-41731 – Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-41731
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-28166 – Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-28166
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-42375 – Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform
https://notcve.org/view.php?id=CVE-2024-42375
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the integrity of the application. • https://me.sap.com/notes/3433545 https://url.sap/sapsecuritypatchday • CWE-434: Unrestricted Upload of File with Dangerous Type