Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap privileges vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-28765
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the p...
Sap Businessobjects Business Intelligence 420
Sap Businessobjects Business Intelligence 430
8.7
CVSSv3
CVE-2023-26458
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and ...
Sap Landscape Management 3.0
7.8
CVSSv3
CVE-2023-0179
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
Linux Linux Kernel
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 22.04
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 9.0
Redhat Enterprise Linux For Power Little Endian Eus 9.0
Redhat Enterprise Linux For Power Little Endian 9.0
Redhat Enterprise Linux Eus 9.0
Redhat Enterprise Linux For Real Time For Nfv 9.0
Redhat Enterprise Linux For Real Time 9.0
Redhat Enterprise Linux Server 9.0
Redhat Enterprise Linux For Ibm Z Systems 9.0
Redhat Codeready Linux Builder -
3 Github repositories
7.8
CVSSv3
CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where th...
X.org X Server
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 8.1
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Workstation 7.0
Redhat Enterprise Linux Aus 8.4
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems Eus 8.4
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux For Power Little Endian Eus 8.4
5.3
CVSSv3
CVE-2023-24526
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an ...
Sap Netweaver Application Server Java 7.50
4.9
CVSSv3
CVE-2023-26461
SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows th...
Sap Netweaver Enterprise Portal 7.50
8.8
CVSSv3
CVE-2023-25616
In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an malicious user to gain access to resources that are allowed by extra privileges. Successful atta...
Sap Business Objects Business Intelligence Platform 430
Sap Business Objects Business Intelligence Platform 420
1 Article
5.3
CVSSv3
CVE-2023-27268
SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated malicious user to attach to an open interface and make use of an open naming and directory API to access a service which will enable them ...
Sap Netweaver Application Server For Java 7.50
8.8
CVSSv3
CVE-2023-24523
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator...
Sap Host Agent 7.21
Sap Host Agent 7.22
6.5
CVSSv3
CVE-2023-24524
SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an malicious user to delete the data with a high impact to availability.
Sap S\\/4hana 104
Sap S\\/4hana 105
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »