cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-25642,https://securityvulnerability.io/vulnerability/CVE-2024-25642,Attackers Can Impersonate Genuine Servers to Intercept Sensitive Information in SAP Cloud Connector,"The vulnerability identified in SAP Cloud Connector version 2.0 arises from improper validation of certificates, potentially allowing attackers to impersonate legitimate servers. This flaw enables an attacker to break the mutual authentication mechanism, leading to serious security concerns. It grants the attacker the capability to intercept requests, thereby exposing sensitive information to unauthorized access or modification. The system's availability remains unaffected, but the risk of data integrity and confidentiality violations is significant.",SAP,SAP Cloud Connector,7.4,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2024-02-13T02:44:20.284Z,0
CVE-2023-49578,https://securityvulnerability.io/vulnerability/CVE-2023-49578,Denial of service (DOS) in SAP Cloud Connector,"SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity  of the application.",SAP,SAP Cloud Connector,3.5,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-12-12T02:15:00.000Z,0
CVE-2021-33694,https://securityvulnerability.io/vulnerability/CVE-2021-33694,Stored Cross-Site Scripting in SAP Cloud Connector by SAP,"The SAP Cloud Connector version 2.0 contains a vulnerability whereby insufficient encoding of user-controlled inputs enables an attacker with Administrator privileges to inject malicious code. This code can be stored in the database and executed when accessed through the application, leading to serious security risks associated with Stored Cross-Site Scripting.",SAP,SAP Cloud Connector,5.9,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-09-15T18:01:49.000Z,0
CVE-2021-33693,https://securityvulnerability.io/vulnerability/CVE-2021-33693,OS Command Execution Vulnerability in SAP Cloud Connector,"The SAP Cloud Connector version 2.0 has a vulnerability that permits an authenticated administrator to alter configuration files. This alteration can lead to the injection of malicious code, thereby creating a potential risk for OS command execution. Such an exploitation could allow unauthorized users to execute arbitrary commands on the host operating system, resulting in severe security implications.",SAP,SAP Cloud Connector,5.7,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-09-15T18:01:47.000Z,0
CVE-2021-33695,https://securityvulnerability.io/vulnerability/CVE-2021-33695,Certificate Validation Flaw in SAP Cloud Connector by SAP,"The SAP Cloud Connector version 2.0 allows communication with the backend without adequately validating the server certificate. This lack of proper validation may expose systems to various security risks, enabling potential unauthorized access and compromising sensitive data. Organizations using this version should assess their security posture and apply necessary updates to ensure robust protection against potential attacks.",SAP,SAP Cloud Connector,6.8,MEDIUM,0.0012000000569969416,false,,false,false,false,,,false,false,,2021-09-15T18:01:44.000Z,0
CVE-2021-33692,https://securityvulnerability.io/vulnerability/CVE-2021-33692,Directory Traversal Vulnerability in SAP Cloud Connector,"The SAP Cloud Connector version 2.0 contains a directory traversal vulnerability that permits malicious users to upload specially crafted zip files. By employing tricks with path separators such as '..' and '/', attackers can escape the intended file upload directory, leading to unauthorized access to sensitive files or directories on the server. This exploit can severely compromise the security of the system and must be addressed promptly.",SAP,SAP Cloud Connector,5.2,MEDIUM,0.00443999981507659,false,,false,false,false,,,false,false,,2021-09-15T18:01:43.000Z,0
CVE-2019-0246,https://securityvulnerability.io/vulnerability/CVE-2019-0246,,"SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.",SAP,SAP Cloud Connector,9.8,CRITICAL,0.012969999574124813,false,,false,false,false,,,false,false,,2019-01-08T20:00:00.000Z,0
CVE-2019-0247,https://securityvulnerability.io/vulnerability/CVE-2019-0247,,"SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.",SAP,SAP Cloud Connector,9.8,CRITICAL,0.006279999855905771,false,,false,false,false,,,false,false,,2019-01-08T20:00:00.000Z,0
CVE-2018-2409,https://securityvulnerability.io/vulnerability/CVE-2018-2409,,"Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform.",SAP,SAP Cloud Platform Connector,6.3,MEDIUM,0.0024800000246614218,false,,false,false,false,,,false,false,,2018-04-10T15:00:00.000Z,0