CVE-2023-23857 : SAP NETWEAVER AS FOR JAVA 7.50 OPEN INTERFACE IMPROPER AUTHENTICATION

Description

Due to missing authentication check, SAP NetWeaver AS for Java – version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

https://launchpad.support.sap.com/#/notes/3252433

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-36053 : LINUXMINT MINTUPLOAD UP TO 4.2.0 SERVICE OS COMMAND INJECTION

CVE-2024-36053 : LINUXMINT MINTUPLOAD UP TO 4.2.0 SERVICE OS COMMAND INJECTION

Description In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in

CVE-2024-36080 : WESTERMO EDW-100 DEVICES UP TO 2024-05-03 HARD-CODED PASSWORD

CVE-2024-36080 : WESTERMO EDW-100 DEVICES UP TO 2024-05-03 HARD-CODED PASSWORD

Description Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed.

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed