CWE:
 

Severity | Title | Date | Author
Med. | SAP Solution Manager 7.2 Missing Authorization | 15.06.2021 | Pablo Artuso
Med. | URVE Software Build 24.03.2020 Missing Authorization | 30.12.2020 | Erik Steltzner
Low | 1CRM 8.6.7 Insecure Direct Object Reference | 17.09.2020 | Andreas Sperber
Med. | WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability | 21.06.2018 | KingSkrupellos
High | Lenovo ShareIT Information Disclosure / Hardcoded Password | 26.01.2016 | CoreLabs
High | SAP Afaria 7 Missing Authorization Check | 19.06.2015 | Vahagn Vardanyan


Common Weakness Enumeration (CWE)

CVE | Details | Description

2021-11-10

CVE-2021-40502 | Medium | Vendor: SAP | Software: Commerce
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from B2B units they do not belong to.

CVE-2021-42062 | Low | Vendor: SAP | Software: Erp human ca...
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.

CVE-2021-40501 | Medium | Vendor: SAP | Software: Abap platfor...
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.

2021-11-05

CVE-2021-42359 | Medium | Vendor: Legalweb | Software: Wp dsgvo tools

2021-11-04

CVE-2021-21694 | Medium | Vendor: Jenkins | Software: Jenkins
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

CVE-2020-25366 | High
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.

CVE-2021-21695 | Medium | Vendor: Jenkins | Software: Jenkins
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

CVE-2021-21689 | Medium | Vendor: Jenkins | Software: Jenkins
FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.

CVE-2021-21688 | Medium | Vendor: Jenkins | Software: Jenkins
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).

CVE-2021-21687 | Medium | Vendor: Jenkins | Software: Jenkins
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar.

Copyright 2021, cxsecurity.com

 
