1,715 Total Results
Displaying 251-260 of 1,715
Attacker Value
Unknown
CVE-2023-39438
Disclosure Date: August 15, 2023 (last updated February 25, 2025)
A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as well as custom fields the CLA requester had configured. In addition, an arbitrary authenticated user can update or delete the CLA-configuration for repositories or organizations using CLA-assistant. The stored access tokens for GitHub are not affected, as these are redacted from the API-responses.
0
Attacker Value
Unknown
CVE-2023-39440
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared properly, which might allow an attacker to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.
0
Attacker Value
Unknown
CVE-2023-39439
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
0
Attacker Value
Unknown
CVE-2023-39437
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
SAP Business One - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and have it delivered to the client, resulting in Cross-site scripting. This could lead to harmful actions affecting the confidentiality, integrity and availability of the application.
0
Attacker Value
Unknown
CVE-2023-39436
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
SAP Supplier Relationship Management - versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM.
0
Attacker Value
Unknown
CVE-2023-37492
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.
0
Attacker Value
Unknown
CVE-2023-37491
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.
0
Attacker Value
Unknown
CVE-2023-37490
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system.
0
Attacker Value
Unknown
CVE-2023-37488
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in a Cross-Site Scripting (XSS) attack. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the system.
0
Attacker Value
Unknown
CVE-2023-37487
Disclosure Date: August 08, 2023 (last updated February 25, 2025)
SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge to perform certain operations to access unintended data over the network, which could lead to high impact on confidentiality with no impact on integrity and availability of the application.
0