Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-852
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP ABAP Platform Kernel versions - 7.77, 7.81, 7.85, 7.86 | ||
| SAP | N/A | SAP Solution Manager et SAP Focused Run versions - 9.7, 10.1, 10.5, 10.7 | ||
| SAP | N/A | SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions, SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105 | ||
| SAP | N/A | SAP GUI pour Windows versions antérieures à 7.60 PL13 et versions 7.70 PL4 | ||
| SAP | N/A | SAP NetWeaver AS pour ABAP et ABAP Platform versions - 700, 701, 702,710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 | ||
| SAP | N/A | SAP Commerce versions - 2105.3, 2011.13, 2005.18, 1905.34 | ||
| SAP | N/A | SAP ERP HCM Portugal versions - 600, 604, 608 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP ABAP Platform Kernel versions - 7.77, 7.81, 7.85, 7.86",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Solution Manager et SAP Focused Run versions - 9.7, 10.1, 10.5, 10.7",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions, SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GUI pour Windows versions ant\u00e9rieures \u00e0 7.60 PL13 et versions 7.70 PL4",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS pour ABAP et ABAP Platform versions - 700, 701, 702,710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions - 2105.3, 2011.13, 2005.18, 1905.34",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP ERP HCM Portugal versions - 600, 604, 608",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-40504",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40504"
},
{
"name": "CVE-2021-42062",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42062"
},
{
"name": "CVE-2021-38164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38164"
},
{
"name": "CVE-2021-40501",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40501"
},
{
"name": "CVE-2021-40502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40502"
},
{
"name": "CVE-2021-40503",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40503"
},
{
"name": "CVE-2020-6369",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6369"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-852",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP 589496864 du 09 novembre 2021",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
}
]
}
CVE-2021-40503 (GCVE-0-2021-40503)
Vulnerability from cvelistv5 – Published: 2021-11-10 15:27 – Updated: 2024-08-04 02:44
VLAI?
EPSS
Summary
An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP GUI for Windows |
Affected:
< 7.60 PL13
Affected: < 7.70 PL4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3080106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP GUI for Windows",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.60 PL13"
},
{
"status": "affected",
"version": "\u003c 7.70 PL4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:27:28",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3080106"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-40503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP GUI for Windows",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "\u003c 7.60 PL13"
},
{
"version_name": "\u003c",
"version_value": "\u003c 7.70 PL4"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in SAP GUI for Windows - versions \u003c 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user\u2019s password. With this highly sensitive data leaked, the attacker would be able to logon to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3080106",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3080106"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-40503",
"datePublished": "2021-11-10T15:27:28",
"dateReserved": "2021-09-03T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40501 (GCVE-0-2021-40501)
Vulnerability from cvelistv5 – Published: 2021-11-10 15:22 – Updated: 2024-08-04 02:44
VLAI?
EPSS
Summary
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP ABAP Platform Kernel |
Affected:
< 7.77
Affected: < 7.81 Affected: < 7.85 Affected: < 7.86 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3099776"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP ABAP Platform Kernel",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.77"
},
{
"status": "affected",
"version": "\u003c 7.81"
},
{
"status": "affected",
"version": "\u003c 7.85"
},
{
"status": "affected",
"version": "\u003c 7.86"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:22:15",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3099776"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-40501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP ABAP Platform Kernel",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.77"
},
{
"version_name": "\u003c",
"version_value": "7.81"
},
{
"version_name": "\u003c",
"version_value": "7.85"
},
{
"version_name": "\u003c",
"version_value": "7.86"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/3099776",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3099776"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-40501",
"datePublished": "2021-11-10T15:22:15",
"dateReserved": "2021-09-03T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40502 (GCVE-0-2021-40502)
Vulnerability from cvelistv5 – Published: 2021-11-10 15:24 – Updated: 2024-08-04 02:44
VLAI?
EPSS
Summary
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP Commerce |
Affected:
< 2105.3
Affected: < 2011.13 Affected: < 2005.18 Affected: < 1905.34 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3110328"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Commerce",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 2105.3"
},
{
"status": "affected",
"version": "\u003c 2011.13"
},
{
"status": "affected",
"version": "\u003c 2005.18"
},
{
"status": "affected",
"version": "\u003c 1905.34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-24T15:57:05",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3110328"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-40502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Commerce",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "2105.3"
},
{
"version_name": "\u003c",
"version_value": "2011.13"
},
{
"version_name": "\u003c",
"version_value": "2005.18"
},
{
"version_name": "\u003c",
"version_value": "1905.34"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3110328",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3110328"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-40502",
"datePublished": "2021-11-10T15:24:42",
"dateReserved": "2021-09-03T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42062 (GCVE-0-2021-42062)
Vulnerability from cvelistv5 – Published: 2021-11-10 15:30 – Updated: 2024-08-04 03:22
VLAI?
EPSS
Summary
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP ERP HCM Portugal |
Affected:
< 600
Affected: < 604 Affected: < 608 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3104456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP ERP HCM Portugal",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 600"
},
{
"status": "affected",
"version": "\u003c 604"
},
{
"status": "affected",
"version": "\u003c 608"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:30:39",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3104456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-42062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP ERP HCM Portugal",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "600"
},
{
"version_name": "\u003c",
"version_value": "604"
},
{
"version_name": "\u003c",
"version_value": "608"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3104456",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3104456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-42062",
"datePublished": "2021-11-10T15:30:39",
"dateReserved": "2021-10-07T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40504 (GCVE-0-2021-40504)
Vulnerability from cvelistv5 – Published: 2021-11-10 15:29 – Updated: 2024-08-04 02:44
VLAI?
EPSS
Summary
A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP NetWeaver AS for ABAP and ABAP Platform |
Affected:
< 700
Affected: < 701 Affected: < 702 Affected: < 710 Affected: < 711 Affected: < 730 Affected: < 731 Affected: < 740 Affected: < 750 Affected: < 751 Affected: < 752 Affected: < 753 Affected: < 754 Affected: < 755 Affected: < 756 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3105728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 700"
},
{
"status": "affected",
"version": "\u003c 701"
},
{
"status": "affected",
"version": "\u003c 702"
},
{
"status": "affected",
"version": "\u003c 710"
},
{
"status": "affected",
"version": "\u003c 711"
},
{
"status": "affected",
"version": "\u003c 730"
},
{
"status": "affected",
"version": "\u003c 731"
},
{
"status": "affected",
"version": "\u003c 740"
},
{
"status": "affected",
"version": "\u003c 750"
},
{
"status": "affected",
"version": "\u003c 751"
},
{
"status": "affected",
"version": "\u003c 752"
},
{
"status": "affected",
"version": "\u003c 753"
},
{
"status": "affected",
"version": "\u003c 754"
},
{
"status": "affected",
"version": "\u003c 755"
},
{
"status": "affected",
"version": "\u003c 756"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:29:16",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3105728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-40504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "700"
},
{
"version_name": "\u003c",
"version_value": "701"
},
{
"version_name": "\u003c",
"version_value": "702"
},
{
"version_name": "\u003c",
"version_value": "710"
},
{
"version_name": "\u003c",
"version_value": "711"
},
{
"version_name": "\u003c",
"version_value": "730"
},
{
"version_name": "\u003c",
"version_value": "731"
},
{
"version_name": "\u003c",
"version_value": "740"
},
{
"version_name": "\u003c",
"version_value": "750"
},
{
"version_name": "\u003c",
"version_value": "751"
},
{
"version_name": "\u003c",
"version_value": "752"
},
{
"version_name": "\u003c",
"version_value": "753"
},
{
"version_name": "\u003c",
"version_value": "754"
},
{
"version_name": "\u003c",
"version_value": "755"
},
{
"version_name": "\u003c",
"version_value": "756"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3105728",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3105728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-40504",
"datePublished": "2021-11-10T15:29:16",
"dateReserved": "2021-09-03T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38164 (GCVE-0-2021-38164)
Vulnerability from cvelistv5 – Published: 2021-09-14 11:19 – Updated: 2024-08-04 01:37
VLAI?
EPSS
Summary
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
Severity ?
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) |
Affected:
< SAP_APPL - 600
Affected: < 602 Affected: < 603 Affected: < 604 Affected: < 605 Affected: < 606 Affected: < 616 Affected: < SAP_FIN - 617 Affected: < 618 Affected: < 700 Affected: < 720 Affected: < 730 Affected: < SAPSCORE - 125 Affected: < S4CORE Affected: < 100 Affected: < 101 Affected: < 102 Affected: < 103 Affected: < 104 Affected: < 105 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3068582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP ERP Financial Accounting (RFOPENPOSTING_FR)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c SAP_APPL - 600"
},
{
"status": "affected",
"version": "\u003c 602"
},
{
"status": "affected",
"version": "\u003c 603"
},
{
"status": "affected",
"version": "\u003c 604"
},
{
"status": "affected",
"version": "\u003c 605"
},
{
"status": "affected",
"version": "\u003c 606"
},
{
"status": "affected",
"version": "\u003c 616"
},
{
"status": "affected",
"version": "\u003c SAP_FIN - 617"
},
{
"status": "affected",
"version": "\u003c 618"
},
{
"status": "affected",
"version": "\u003c 700"
},
{
"status": "affected",
"version": "\u003c 720"
},
{
"status": "affected",
"version": "\u003c 730"
},
{
"status": "affected",
"version": "\u003c SAPSCORE - 125"
},
{
"status": "affected",
"version": "\u003c S4CORE"
},
{
"status": "affected",
"version": "\u003c 100"
},
{
"status": "affected",
"version": "\u003c 101"
},
{
"status": "affected",
"version": "\u003c 102"
},
{
"status": "affected",
"version": "\u003c 103"
},
{
"status": "affected",
"version": "\u003c 104"
},
{
"status": "affected",
"version": "\u003c 105"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T11:19:00",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3068582"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-38164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP ERP Financial Accounting (RFOPENPOSTING_FR)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "SAP_APPL - 600"
},
{
"version_name": "\u003c",
"version_value": "602"
},
{
"version_name": "\u003c",
"version_value": "603"
},
{
"version_name": "\u003c",
"version_value": "604"
},
{
"version_name": "\u003c",
"version_value": "605"
},
{
"version_name": "\u003c",
"version_value": "606"
},
{
"version_name": "\u003c",
"version_value": "616"
},
{
"version_name": "\u003c",
"version_value": "SAP_FIN - 617"
},
{
"version_name": "\u003c",
"version_value": "618"
},
{
"version_name": "\u003c",
"version_value": "700"
},
{
"version_name": "\u003c",
"version_value": "720"
},
{
"version_name": "\u003c",
"version_value": "730"
},
{
"version_name": "\u003c",
"version_value": "SAPSCORE - 125"
},
{
"version_name": "\u003c",
"version_value": "S4CORE"
},
{
"version_name": "\u003c",
"version_value": "100"
},
{
"version_name": "\u003c",
"version_value": "101"
},
{
"version_name": "\u003c",
"version_value": "102"
},
{
"version_name": "\u003c",
"version_value": "103"
},
{
"version_name": "\u003c",
"version_value": "104"
},
{
"version_name": "\u003c",
"version_value": "105"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3068582",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3068582"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-38164",
"datePublished": "2021-09-14T11:19:00",
"dateReserved": "2021-08-07T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6369 (GCVE-0-2020-6369)
Vulnerability from cvelistv5 – Published: 2020-10-20 13:30 – Updated: 2024-08-04 09:02
VLAI?
EPSS
Summary
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.
Severity ?
7.5 (High)
CWE
- Hard Coded Credentials
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP SE | CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) |
Affected:
< 9.7
Affected: < 10.1 Affected: < 10.5 Affected: < 10.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:02:39.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2971638"
},
{
"name": "20210614 Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 9.7"
},
{
"status": "affected",
"version": "\u003c 10.1"
},
{
"status": "affected",
"version": "\u003c 10.5"
},
{
"status": "affected",
"version": "\u003c 10.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hard Coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T20:06:24",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2971638"
},
{
"name": "20210614 Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jun/31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "9.7"
},
{
"version_name": "\u003c",
"version_value": "10.1"
},
{
"version_name": "\u003c",
"version_value": "10.5"
},
{
"version_name": "\u003c",
"version_value": "10.7"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard Coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2971638",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2971638"
},
{
"name": "20210614 Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jun/31"
},
{
"name": "http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6369",
"datePublished": "2020-10-20T13:30:36",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:02:39.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…