cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-30214,https://securityvulnerability.io/vulnerability/CVE-2024-30214,Malicious GET Query Parameter Attack on Service Invocations,"The application allows a high privilege attacker to append a malicious GET query parameter to Service invocations, which are reflected in the server response. Under certain circumstances, if the parameter contains a JavaScript, the script could be processed on client side.

",SAP,SAP Business Connector,4.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-09T01:15:00.000Z,0
CVE-2006-0731,https://securityvulnerability.io/vulnerability/CVE-2006-0731,,"WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.",SAP,Business Connector,,,0.019130000844597816,false,false,false,false,,false,false,2006-02-16T11:00:00.000Z,0
CVE-2006-0732,https://securityvulnerability.io/vulnerability/CVE-2006-0732,,"Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle.  Details will be updated after the grace period has ended.  NOTE: SAP Business Connector is an OEM version of webMethods Integration Server.  webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation.  In addition, the attacker must already have acquired administrative privileges through other means.",SAP,Business Connector,,,0.005369999911636114,false,false,false,false,,false,false,2006-02-16T11:00:00.000Z,0