CVE-2022-39801
https://notcve.org/view.php?id=CVE-2022-39801
SAP GRC Access Control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to an admin session and completely compromise the application. • https://launchpad.support.sap.com/#/notes/3237075 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-287: Improper Authentication •
CVE-2017-20040 – SICUNET Access Controller Password Storage cleartext storage
https://notcve.org/view.php?id=CVE-2017-20040
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. • http://seclists.org/fulldisclosure/2017/Mar/25 https://vuldb.com/?id.98908 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2017-20039 – SICUNET Access Controller hard-coded password
https://notcve.org/view.php?id=CVE-2017-20039
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. • http://seclists.org/fulldisclosure/2017/Mar/25 https://vuldb.com/?id.98907 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVE-2017-20038 – SICUNET Access Controller card_scan_decoder.php privileges management
https://notcve.org/view.php?id=CVE-2017-20038
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. • http://seclists.org/fulldisclosure/2017/Mar/25 https://vuldb.com/?id.98906 • CWE-269: Improper Privilege Management •
CVE-2017-20037 – SICUNET Access Controller privileges management
https://notcve.org/view.php?id=CVE-2017-20037
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. • http://seclists.org/fulldisclosure/2017/Mar/25 https://vuldb.com/?id.98905 • CWE-269: Improper Privilege Management •