Threat and Vulnerability Intelligence Database

CVE-2024-55546

Description: Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-55545

Description: Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-55544

Description: Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below.

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54198

Description: In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54197

Description: SAP NetWeaver Administrator (System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation, this can result in Server-Side Request Forgery (SSRF), which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54095

Description: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to an integer underflow which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54094

Description: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to a heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54093

Description: A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to a heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54091

Description: A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173), Parasolid V37.1 (All versions < V37.1.109). The affected applications contain an out-of-bounds write vulnerability when parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (4 months ago)

CVE-2024-54037

Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (4 months ago)