Show filters
1,202 Total Results
Displaying 231-240 of 1,202
Sort by:
Attacker Value
Unknown

CVE-2021-33664

Disclosure Date: June 09, 2021 (last updated February 22, 2025)
SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
Attacker Value
Unknown

CVE-2020-25710

Disclosure Date: May 28, 2021 (last updated February 22, 2025)
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Attacker Value
Unknown

CVE-2021-22118

Disclosure Date: May 27, 2021 (last updated February 22, 2025)
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
Attacker Value
Unknown

CVE-2021-20517

Disclosure Date: May 27, 2021 (last updated February 22, 2025)
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435.
Attacker Value
Unknown

CVE-2021-20492

Disclosure Date: May 25, 2021 (last updated February 22, 2025)
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.
Attacker Value
Unknown

CVE-2021-27611

Disclosure Date: May 11, 2021 (last updated February 22, 2025)
SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service.
Attacker Value
Unknown

CVE-2021-20454

Disclosure Date: April 20, 2021 (last updated February 22, 2025)
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.
Attacker Value
Unknown

CVE-2021-20453

Disclosure Date: April 19, 2021 (last updated February 22, 2025)
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.
Attacker Value
Unknown

CVE-2021-27603

Disclosure Date: April 13, 2021 (last updated November 28, 2024)
An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker could call this function module multiple times to block all work processes thereby causing Denial of Service and affecting the Availability of the SAP system.
Attacker Value
Unknown

CVE-2021-27601

Disclosure Date: April 13, 2021 (last updated February 22, 2025)
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attacker does not have control over kind or degree.