Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-33697: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.

CVE

Related news

CVE-2021-33696: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site.

CVE-2021-33698: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.

CVE-2021-33693: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.

CVE-2021-33694: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

CVE-2021-37532: SAP Security Patch Day – September 2021 - Product Security Response at SAP - Community Wiki

SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.

CVE-2021-33686: SAP Security Patch Day – September 2021 - Product Security Response at SAP - Community Wiki

Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.

CVE-2021-38150: SAP Security Patch Day – September 2021 - Product Security Response at SAP - Community Wiki

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

CVE-2021-39202: HackerOne

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the custom HTML widget. This has been patched in WordPress 5.8. It was only present during the testing/beta phase of WordPress 5.8.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907