cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,,false,false,false,,,false,false,,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2023-09-12T02:15:00.000Z,0
CVE-2023-29108,https://securityvulnerability.io/vulnerability/CVE-2023-29108,"IP filter vulnerability in ABAP Platform and SAP Web Dispatcher ","The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources. ",SAP,Abap Platform And SAP Web Dispatcher,5,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2023-04-11T03:15:00.000Z,0
CVE-2022-22536,https://securityvulnerability.io/vulnerability/CVE-2022-22536,Request Smuggling Vulnerability in SAP NetWeaver and Related Products,"Several SAP NetWeaver products, including the Application Server ABAP and Java, along with the ABAP Platform and SAP Web Dispatcher, are vulnerable to a request smuggling issue. An unauthenticated attacker can manipulate HTTP requests by prepending arbitrary data to a victim's request. This technique enables the attacker to execute functions on behalf of the victim or to poison web caches, compromising the overall security of the system. As a result, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of affected SAP systems.",SAP,"SAP Netweaver And Abap Platform,SAP Web Dispatcher,SAP Content Server",10,CRITICAL,0.9574900269508362,true,2022-08-18T00:00:00.000Z,false,false,true,2022-04-02T16:12:56.000Z,true,false,false,,2022-02-09T22:05:24.000Z,0