CVE-2024-44115

CVE-2024-44115

Título es
CVE-2024-44115

Mar, 10/09/2024 – 03:15

Tipo
CWE-862

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-44115

Descripción en
The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application

10/09/2024
10/09/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

  • https://me.sap.com/notes/3488039

  • https://url.sap/sapsecuritypatchday

    • Enviar en el boletín
    Off

    CVE-2024-44114

    CVE-2024-44114

    Título es
    CVE-2024-44114

    Mar, 10/09/2024 – 03:15

    Tipo
    CWE-863

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44114

    Descripción en
    SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.

    10/09/2024
    10/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://me.sap.com/notes/3507252

  • https://url.sap/sapsecuritypatchday

    • Enviar en el boletín
    Off

    CVE-2024-45286

    CVE-2024-45286

    Título es
    CVE-2024-45286

    Mar, 10/09/2024 – 04:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-45286

    Descripción en
    Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability.

    10/09/2024
    10/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://me.sap.com/notes/3488341

  • https://url.sap/sapsecuritypatchday

    • Enviar en el boletín
    Off

    CVE-2024-44112

    CVE-2024-44112

    Título es
    CVE-2024-44112

    Mar, 10/09/2024 – 04:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44112

    Descripción en
    Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability.

    10/09/2024
    10/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://me.sap.com/notes/3505293

  • https://url.sap/sapsecuritypatchday

    • Enviar en el boletín
    Off

    CVE-2024-41728

    CVE-2024-41728

    Título es
    CVE-2024-41728

    Mar, 10/09/2024 – 04:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-41728

    Descripción en
    Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

    10/09/2024
    10/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    2.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://me.sap.com/notes/3496410

  • https://url.sap/sapsecuritypatchday

    • Enviar en el boletín
    Off

    CVE-2024-44725

    CVE-2024-44725

    Título es
    CVE-2024-44725

    Lun, 09/09/2024 – 20:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44725

    Descripción en
    AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php.

    09/09/2024
    09/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/Hebing123/cve/issues/69

    • Enviar en el boletín
    Off

    CVE-2024-44724

    CVE-2024-44724

    Título es
    CVE-2024-44724

    Lun, 09/09/2024 – 20:15

    Tipo
    CWE-94

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44724

    Descripción en
    AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value.

    09/09/2024
    09/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    7.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/Hebing123/cve/issues/68

    • Enviar en el boletín
    Off

    CVE-2024-6796

    CVE-2024-6796

    Título es
    CVE-2024-6796

    Lun, 09/09/2024 – 20:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6796

    Descripción en
    In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.

    09/09/2024
    09/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01

    • Enviar en el boletín
    Off

    CVE-2024-6795

    CVE-2024-6795

    Título es
    CVE-2024-6795

    Lun, 09/09/2024 – 20:15

    Tipo
    CWE-89

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-6795

    Descripción en
    In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. 

    An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content

    and/or perform administrative operations including shutting down the database.

    09/09/2024
    09/09/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    10.00

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    CRITICAL

    Referencias

  • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01

    • Enviar en el boletín
    Off

    CVE-2024-44902

    CVE-2024-44902

    Título es
    CVE-2024-44902

    Lun, 09/09/2024 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-44902

    Descripción en
    A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

    09/09/2024
    09/09/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • http://thinkphp.com

  • https://github.com/fru1ts/CVE-2024-44902

    • Enviar en el boletín
    Off