{"vulnerability": "cve-2024-4758", "sightings": [{"uuid": "618a12f5-706d-4697-a598-d447e58be749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47586", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113467161777858654", "content": "", "creation_timestamp": "2024-11-12T00:31:27.457619Z"}, {"uuid": "81aeff9a-0187-498f-ae03-7f32034656f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47587", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113467161811465612", "content": "", "creation_timestamp": "2024-11-12T00:31:28.006641Z"}, {"uuid": "9735ec1d-d610-4ec0-9f7a-3c8b70e20d2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47588", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113467161826048639", "content": "", "creation_timestamp": "2024-11-12T00:31:28.414817Z"}, {"uuid": "5730534f-6b78-4a91-8b9f-77cf1bc6ba9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47580", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113625782201988792", "content": "", "creation_timestamp": "2024-12-10T00:50:43.364946Z"}, {"uuid": "cb895de8-d8bd-4fe5-a813-e2aab425308d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47581", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113625782216105904", "content": "", "creation_timestamp": "2024-12-10T00:50:43.511015Z"}, {"uuid": "91c1a38c-6a89-49df-a9ab-e565aba7629c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47582", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113625782230765278", "content": "", "creation_timestamp": "2024-12-10T00:50:43.859813Z"}, {"uuid": "771a928f-0073-47b5-b57c-4d8f63fd751b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47585", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113625841230792878", "content": "", "creation_timestamp": "2024-12-10T01:05:43.895461Z"}, {"uuid": "2ba210c2-a439-4771-8302-3f3f3772705a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47588", "type": "seen", "source": "https://t.me/cvedetector/10562", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47588 - SAP NetWeaver Java Plaintext Credentials Log Exposure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47588 \nPublished : Nov. 12, 2024, 1:15 a.m. | 37\u00a0minutes ago \nDescription : In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T02:58:59.000000Z"}, {"uuid": "f5465433-c25e-4790-841e-bc0713209052", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47585", "type": "seen", "source": "https://t.me/cvedetector/12464", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47585 - SAP NetWeaver ABAP Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47585 \nPublished : Dec. 10, 2024, 1:15 a.m. | 42\u00a0minutes ago \nDescription : SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T03:15:37.000000Z"}, {"uuid": "70b5197a-035b-483b-bd1d-ebd518ec8103", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47582", "type": "seen", "source": "https://t.me/cvedetector/12463", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47582 - Apache XML XXE Injection\", \n  \"Content\": \"CVE ID : CVE-2024-47582 \nPublished : Dec. 10, 2024, 1:15 a.m. | 42\u00a0minutes ago \nDescription : Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T03:15:37.000000Z"}, {"uuid": "84700322-64ba-4bf2-a8a2-0c96e6d8509e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47581", "type": "seen", "source": "https://t.me/cvedetector/12461", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47581 - SAP HCM Approve Timesheets Authorization Bypass Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47581 \nPublished : Dec. 10, 2024, 1:15 a.m. | 42\u00a0minutes ago \nDescription : SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T03:15:35.000000Z"}, {"uuid": "14a360a4-6b2b-4a7d-8106-0f2778a8de93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47580", "type": "seen", "source": "https://t.me/cvedetector/12469", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47580 - Apache PDF File Read Consortium\", \n  \"Content\": \"CVE ID : CVE-2024-47580 \nPublished : Dec. 10, 2024, 1:15 a.m. | 42\u00a0minutes ago \nDescription : An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment.  By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or availability. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-10T03:15:44.000000Z"}, {"uuid": "ab2613dd-581b-42d5-954f-c28ae1a08072", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47587", "type": "seen", "source": "https://t.me/cvedetector/10561", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47587 - Acceliant Cash Operations Privilege Escalation\", \n  \"Content\": \"CVE ID : CVE-2024-47587 \nPublished : Nov. 12, 2024, 1:15 a.m. | 37\u00a0minutes ago \nDescription : Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T02:58:55.000000Z"}, {"uuid": "a9bda5d6-11c8-40a8-9c87-72b1f69675a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47586", "type": "seen", "source": "https://t.me/cvedetector/10560", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-47586 - SAP NetWeaver Denial of Service NULL Pointer Dereference Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-47586 \nPublished : Nov. 12, 2024, 1:15 a.m. | 37\u00a0minutes ago \nDescription : SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T02:58:55.000000Z"}]}