Vulmon
bw vulnerabilities and exploits
NA
CVE-2014-8663
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Sap Netweaver Business Warehouse -
NA
CVE-2011-5260
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Sap Netweaver -
Sap Netweaver 7.0
Sap Netweaver 4.0
Sap Netweaver 6.4
NA
CVE-2014-5174
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Sap Netweaver Business Warehouse -
5.4 CVSSv3
CVE-2022-22373
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323.
Ibm Infosphere Information Server 11.7
9.8 CVSSv3
CVE-2016-1984
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices prior to 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote malicious users to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015...
Harman Amx Firmware 1.3.100
Harman Amx Firmware 1.2.322
6.5 CVSSv3
CVE-2021-21468
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.
Sap Business Warehouse 731
Sap Business Warehouse 740
Sap Business Warehouse 750
Sap Business Warehouse 751
Sap Business Warehouse 752
Sap Business Warehouse 753
Sap Business Warehouse 754
Sap Business Warehouse 755
Sap Business Warehouse 782
Sap Business Warehouse 730
Sap Business Warehouse 711
Sap Business Warehouse 710
1 Article
NA
CVE-2013-6797
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin prior to 2.0.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url pa...
Sunil Nanda Blue Wrench Video Widget 1.0.0
Sunil Nanda Blue Wrench Video Widget 1.0.4
Sunil Nanda Blue Wrench Video Widget 1.0.2
Sunil Nanda Blue Wrench Video Widget
Sunil Nanda Blue Wrench Video Widget 1.0.3
Sunil Nanda Blue Wrench Video Widget 1.0.1
1 EDB exploit
9.9 CVSSv3
CVE-2021-21465
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL in...
Sap Business Warehouse 731
Sap Business Warehouse 740
Sap Business Warehouse 750
Sap Business Warehouse 751
Sap Business Warehouse 752
Sap Business Warehouse 753
Sap Business Warehouse 754
Sap Business Warehouse 755
Sap Business Warehouse 782
Sap Business Warehouse 730
Sap Business Warehouse 710
Sap Business Warehouse 711
1 Article
NA
CVE-2022-20948
A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validati...
NA
CVE-2023-20125
A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming ...