CVE-2024-34689 – [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)
https://notcve.org/view.php?id=CVE-2024-34689
09 Jul 2024 — WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. • https://me.sap.com/notes/3458789 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-37175 – [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
https://notcve.org/view.php?id=CVE-2024-37175
09 Jul 2024 — SAP CRM WebClient does not perform the necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to access some sensitive information. • https://me.sap.com/notes/3467377 • CWE-862: Missing Authorization •
CVE-2024-39598 – [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
https://notcve.org/view.php?id=CVE-2024-39598
09 Jul 2024 — SAP CRM (WebClient UI Framework) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of the application. • https://me.sap.com/notes/3467377 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-37174 – [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
https://notcve.org/view.php?id=CVE-2024-37174
09 Jul 2024 — The custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application. • https://me.sap.com/notes/3467377 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-37173 – [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI)
https://notcve.org/view.php?id=CVE-2024-37173
09 Jul 2024 — Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script is executed in the victim's browser, giving the attacker the ability to access and/or modify information, with no effect on availability of the application. • https://me.sap.com/notes/3467377 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-39593 – [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management
https://notcve.org/view.php?id=CVE-2024-39593
09 Jul 2024 — SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities. • https://me.sap.com/notes/3466801 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-39592 – [CVE-2024-39592] Missing Authorization check in SAP PDCE
https://notcve.org/view.php?id=CVE-2024-39592
09 Jul 2024 — Elements of PDCE does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information, causing high impact on the confidentiality of the application. • https://me.sap.com/notes/3483344 • CWE-862: Missing Authorization •
CVE-2024-35778 – WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-35778
19 Jun 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion. This issue affects Slideshow SE: from n/a through 2.5.17. The Slideshow SE plugin for WordPress is vulnerable to Local File... • https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVE-2024-35769 – WordPress Slideshow SE plugin <= 2.5.17 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35769
18 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS. This issue affects Slideshow SE: from n/a through 2.5.17. The Slideshow SE plugin for WordPress is vulnerable to Stored Cr... • https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-34691 – Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)
https://notcve.org/view.php?id=CVE-2024-34691
11 Jun 2024 — Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the system. • https://me.sap.com/notes/3466175 • CWE-862: Missing Authorization •