Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-47894
Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 prior to 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict acces...
NA
CVE-2024-30216
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, attacker can add notes in the review request with 'completed' status affecting the integri...
NA
CVE-2024-30217
Cash Management in SAP S/4 HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. By exploiting this vulnerability, an attacker can approve or reject a bank account application affecting the integrity of the applicat...
NA
CVE-2024-30218
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an malicious user to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability.
NA
CVE-2024-25646
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated malicious user to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the applicat...
NA
CVE-2024-27898
SAP NetWeaver application, due to insufficient input validation, allows an malicious user to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in ...
NA
CVE-2024-27901
SAP Asset Accounting could allow a high privileged malicious user to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the app...
NA
CVE-2024-28167
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient...
NA
CVE-2024-3273
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The mani...
Dlink Dns-320l Firmware -
Dlink Dns-120 Firmware -
Dlink Dnr-202l Firmware -
Dlink Dns-315l Firmware -
Dlink Dns-320 Firmware -
Dlink Dns-320lw Firmware -
Dlink Dns-321 Firmware -
Dlink Dnr-322l Firmware -
Dlink Dns-323 Firmware -
Dlink Dns-325 Firmware -
Dlink Dns-326 Firmware -
Dlink Dns-327l Firmware -
Dlink Dnr-326 Firmware -
Dlink Dns-340l Firmware -
Dlink Dns-343 Firmware -
Dlink Dns-345 Firmware -
Dlink Dns-726-4 Firmware -
Dlink Dns-1100-4 Firmware -
Dlink Dns-1200-05 Firmware -
Dlink Dns-1550-04 Firmware -
6 Github repositories
2 Articles
NA
CVE-2024-25644
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an malicious user to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »