| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update plugin options, potentially disrupting the service. |
| In SAP BusinessObjects Business Intelligence
Platform, if Single Signed On is enabled on Enterprise authentication, an
unauthorized user can get a logon token using a REST endpoint. The attacker can
fully compromise the system resulting in High impact on confidentiality,
integrity and availability. |
| In SAP Commerce, valid user accounts can be
identified during the customer registration and login processes. This allows a
potential attacker to learn if a given e-mail is used for an account, but does
not grant access to any customer data beyond this knowledge. The attacker must
already know the e-mail that they wish to test for. The impact on
confidentiality therefore is low and no impact to integrity or availability |
| SAP Commerce Backoffice does not sufficiently
encode user-controlled inputs, resulting in Cross-Site Scripting (XSS)
vulnerability causing low impact on confidentiality and integrity of the
application. |
| A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| Under certain conditions SAP Permit to Work
allows an authenticated attacker to access information which would otherwise be
restricted causing low impact on the confidentiality of the application. |
| SAP CRM ABAP (Insights
Management) allows an authenticated attacker to enumerate HTTP endpoints in the
internal network by specially crafting HTTP requests. On successful
exploitation this can result in information disclosure. It has no impact on
integrity and availability of the application. |
| A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| SAP Shared Service Framework does not perform necessary
authorization check for an authenticated user, resulting in escalation of
privileges. On successful exploitation, an attacker can cause a high impact on
confidentiality of the application. |
| SAP shared service framework allows an
authenticated non-administrative user to call a remote-enabled function, which
will allow them to insert value entries into a non-sensitive table, causing low
impact on integrity of the application |
| SpiderControl SCADA Web Server has a vulnerability that could allow an
attacker to upload specially crafted malicious files without
authentication. |
| SAP Document Builder does not perform necessary authorization checks for one of the function modules resulting in escalation of privileges causing low impact on confidentiality of the application. |
| Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability. |
| SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application. |
| Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. |
| The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version. |
| The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
| The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit. |
| A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles. |
| evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin." |
