Latest CVE Feed
-
6.5
MEDIUM CVE-2022-22538
When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the appl...
Affected Products: 3d_visual_enterprise_viewer
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-22537
When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the applic...
Affected Products: 3d_visual_enterprise_viewer
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-22535
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither ...
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2022-22534
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can par...
Affected Products: netweaver
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-22533
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, suc...
Affected Products: netweaver_application_server_java
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22532
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory b...
Affected Products: netweaver_application_server_java
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2022-22531
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive infor...
Affected Products: s/4hana
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
-
8.1
HIGH CVE-2022-22530
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could ...
Affected Products: s/4hana
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2022-22529
SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs, which may lead to an unauthorized attacker possibly exploiting an XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework p...
Affected Products: enterprise_threat_detection
- Published: Jan. 14, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGH CVE-2022-22528
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable on the Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to pr...
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22526
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API....
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGH CVE-2022-22525
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function...
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
9.4
CRITICAL CVE-2022-22524
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services....
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-22523
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled....
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22522
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote, unauthenticated attacker could make use of hard-coded credentials to gain full access to the device....
- Published: Sep. 28, 2022
- Modified: Nov. 21, 2024
-
7.3
HIGH CVE-2022-22521
In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed with the user's privileges. An attacker with low privileges may trick a user with administrative privileges to execute these b...
Affected Products: benchmark_programming_tool
- Published: Apr. 27, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUM CVE-2022-22520
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2....
- Published: Sep. 14, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-22519
A remote, unauthenticated attacker can send specifically crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system....
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2022-22518
A bug in the CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components that are part of the applied security policy....
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2022-22517
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed....
Affected Products: gateway development_system edge_gateway hmi_sl plchandler control_for_beaglebone_sl control_for_empc-a/imx6_sl control_for_iot2000_sl control_for_linux_sl control_for_pfc100_sl +16 more products
- Published: Apr. 07, 2022
- Modified: Nov. 21, 2024