Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. ...
Continue Reading
August 08, 2023
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the applicatio ...
Continue Reading
August 08, 2023
In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker ...
Continue Reading
August 08, 2023
SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting ...
Continue Reading
August 08, 2023
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, ...
Continue Reading
August 08, 2023
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attac ...
Continue Reading
August 08, 2023
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful explo ...
Continue Reading
August 08, 2023
SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password ...
Continue Reading
August 08, 2023
Back to Main
