cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2022-29614,https://securityvulnerability.io/vulnerability/CVE-2022-29614,,"SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.",SAP,"SAP Netweaver As Abap, As Java, Abap Platform And Hana Database",5,MEDIUM,0.0005799999926239252,false,false,false,false,,false,false,2022-06-14T18:27:16.000Z,0
CVE-2021-21474,https://securityvulnerability.io/vulnerability/CVE-2021-21474,,"SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature, this allows them to impersonate as user in HANA database and be able to read the contents in the database.",SAP,SAP Hana Database,6.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2021-02-09T20:44:04.000Z,0
CVE-2020-26834,https://securityvulnerability.io/vulnerability/CVE-2020-26834,,"SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued.",SAP,SAP Hana Database,4.2,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2020-12-09T16:30:45.000Z,0
CVE-2019-0350,https://securityvulnerability.io/vulnerability/CVE-2019-0350,,"SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service",SAP,SAP Hana Database,7.5,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2019-11-04T14:33:20.000Z,0
CVE-2018-2424,https://securityvulnerability.io/vulnerability/CVE-2018-2424,,"SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00",SAP,"SAP Hana Database,SAP Ui5,SAP Ui5(java),SAP Ui,SAP Ui For SAP Netweaver 7.00",9.8,CRITICAL,0.0021699999924749136,false,false,false,false,,false,false,2018-06-12T15:00:00.000Z,0