Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bw vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8312
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
Sap Netweaver Abap 7.31
NA
CVE-2011-5260
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Sap Netweaver -
Sap Netweaver 7.0
Sap Netweaver 4.0
Sap Netweaver 6.4
NA
CVE-2014-5174
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Sap Netweaver Business Warehouse -
5.4
CVSSv3
CVE-2022-22373
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323.
Ibm Infosphere Information Server 11.7
9.8
CVSSv3
CVE-2016-1984
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices prior to 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote malicious users to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015...
Harman Amx Firmware 1.3.100
Harman Amx Firmware 1.2.322
6.5
CVSSv3
CVE-2021-21468
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.
Sap Business Warehouse 731
Sap Business Warehouse 740
Sap Business Warehouse 750
Sap Business Warehouse 751
Sap Business Warehouse 752
Sap Business Warehouse 753
Sap Business Warehouse 754
Sap Business Warehouse 755
Sap Business Warehouse 782
Sap Business Warehouse 730
Sap Business Warehouse 711
Sap Business Warehouse 710
1 Article
NA
CVE-2013-6797
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin prior to 2.0.0 for WordPress allows remote malicious users to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url pa...
Sunil Nanda Blue Wrench Video Widget 1.0.0
Sunil Nanda Blue Wrench Video Widget 1.0.4
Sunil Nanda Blue Wrench Video Widget 1.0.2
Sunil Nanda Blue Wrench Video Widget
Sunil Nanda Blue Wrench Video Widget 1.0.3
Sunil Nanda Blue Wrench Video Widget 1.0.1
1 EDB exploit
9.9
CVSSv3
CVE-2021-21465
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL in...
Sap Business Warehouse 731
Sap Business Warehouse 740
Sap Business Warehouse 750
Sap Business Warehouse 751
Sap Business Warehouse 752
Sap Business Warehouse 753
Sap Business Warehouse 754
Sap Business Warehouse 755
Sap Business Warehouse 782
Sap Business Warehouse 730
Sap Business Warehouse 710
Sap Business Warehouse 711
1 Article
NA
CVE-2022-20948
A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validati...
NA
CVE-2023-20125
A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming ...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »