CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49578 – Denial of service (DOS) in SAP Cloud Connector
https://notcve.org/view.php?id=CVE-2023-49578
12 Dec 2023 — SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application. SAP Cloud Connector: versión 2.0, permite a un usuario autenticado con privilegios bajos realizar un ataque de denegación de servicio desde la interfaz de usuario adyacente mediante el envío de una solicitud maliciosa que genera un i... • https://me.sap.com/notes/3362463 • CWE-400: Uncontrolled Resource Consumption CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33694
https://notcve.org/view.php?id=CVE-2021-33694
15 Sep 2021 — SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting. SAP Cloud Connector, versión - 2.0, no codifica suficientemente las entradas controladas por el usuario, permitiendo a un atacante con derechos de administrador, incluir códigos maliciosos que se almacenan en la base... • https://launchpad.support.sap.com/#/notes/3058553 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33693
https://notcve.org/view.php?id=CVE-2021-33693
15 Sep 2021 — SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution. SAP Cloud Connector, versión - 2.0, permite a un administrador autenticado modifique un archivo de configuración para inyectar códigos maliciosos que podrían conllevar la ejecución de comandos del sistema operativo • https://launchpad.support.sap.com/#/notes/3058553 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33695
https://notcve.org/view.php?id=CVE-2021-33695
15 Sep 2021 — Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate. Potencialmente, SAP Cloud Connector, versión - 2.0, una comunicación con el backend es aceptada sin que se compruebe suficientemente el certificado • https://launchpad.support.sap.com/#/notes/3058553 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33692
https://notcve.org/view.php?id=CVE-2021-33692
15 Sep 2021 — SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories. SAP Cloud Connector, versión - 2.0, permite la carga de archivos zip como copia de seguridad. Este archivo de copia de seguridad puede ser engañado para inyectar elementos especiales como los separadores ".." y "/", para que los atacantes escapen fuer... • https://launchpad.support.sap.com/#/notes/3058553 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22914
https://notcve.org/view.php?id=CVE-2021-22914
16 Jun 2021 — Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using... • https://support.citrix.com/article/CTX316690 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-0246
https://notcve.org/view.php?id=CVE-2019-0246
08 Jan 2019 — SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity. SAP Cloud Connector, en versiones anteriores a la 2.11.3, no realiza comprobaciones de autenticación para funcionalidades que requieren la identidad del usuario. • http://www.securityfocus.com/bid/106463 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0247
https://notcve.org/view.php?id=CVE-2019-0247
08 Jan 2019 — SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. SAP Cloud Connector, en versiones anteriores a la 2.11.3, permite que un atacante inyecte código que puede ser ejecutado por la aplicación. Un atacante podría, por lo tanto, controlar el comportamiento de la aplicación. • https://launchpad.support.sap.com/#/notes/2696233 • CWE-94: Improper Control of Generation of Code ('Code Injection') •