New vulnerabilities discovered in SAP products

Overview :
New vulnerabilities discovered in SAP products
Affected Product(s) :
  • SAP
Vulnerability Details :
CVE ID : CVE-2019-0388
[CVE-2019-0388] Content spoofing vulnerability in UI5 HTTP Handler
Product – SAP UI, Versions – 7.5, 7.51, 7.52, 7.53, 7.54
Product – SAP UI 700, Versions – 2.0
CVE ID : CVE-2019-0396
[CVE-2019-0396] Missing XML Validation vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface)
Product – SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), Versions – 4.1, 4.2

Remediation / Fixes :

SAP strongly recommends that customers visit the Support Portal and apply patches as a priority to protect their SAP landscape.

Common Vulnerabilities and Exposures

CVE-2024-4315 : PARISNEO LOLLMS UP TO 9.7 SANITIZE_PATH_FROM_ENDPOINT FILENAME CONTROL

Description parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function

CVE-2024-36454 : FSAS TECHNOLOGIES IPCOM EX2/IPCOM VE2 UP TO V01L07NF0201 PACKET UNINITIALIZED RESOURCE

Description Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series

CVE-2024-34762 : WPENGINE ADVANCED CUSTOM FIELDS PRO PLUGIN UP TO 6.2.9 ON WORDPRESS PATH TRAVERSAL

Description Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)