CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26660 |
Description: SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.
CVSS: MEDIUM (4.3) EPSS Score: 0.06%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-26659 |
Description: SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the malicious JavaScript payload executes in the scope of victim�s browser potentially compromising their data and/or manipulating browser content. This leads to a limited impact on confidentiality and integrity. There is no impact on availability
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-26658 |
Description: The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevate themselves to higher privilege and can read, modify and/or write new data. To gain authenticated sessions of other users, the attacker must invest considerable time and effort. This vulnerability has a high impact on the confidentiality and integrity of the application with no effect on the availability of the application.
CVSS: MEDIUM (6.8) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-26656 |
Description: OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-26655 |
Description: SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted.
CVSS: LOW (3.1) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-25245 |
Description: SAP BusinessObjects Business Intelligence Platform (Web Intelligence) contains a deprecated web application endpoint that is not properly secured. An attacker could take advantage of this by injecting a malicious url in the data returned to the user. On successful exploitation, there could be a limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-25244 |
Description: SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability.
CVSS: MEDIUM (5.7) EPSS Score: 0.02%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-25242 |
Description: SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-23194 |
Description: SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application.
CVSS: MEDIUM (5.3) EPSS Score: 0.07%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-23188 |
Description: An authenticated user with low privileges can exploit a missing authorization check in an IBS module of FS-RBD, allowing unauthorized access to perform actions beyond their intended permissions. This causes a low impact on integrity with no impact on confidentiality and availability.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 11th, 2025 (4 months ago)
|