NuytsTech Security

Monthly Archive: May 2021

CVE-2021-27733

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. Date published : 2021-05-11 Home JetBrains Security Bulletin Q1 2021

CVE-2021-27619

SAP Commerce (Backoffice Search), versions – 1808, 1811, 1905, 2005, 2011, allows a low privileged user to search for attributes which are not supposed to be displayed to them. Although the search results are...

CVE-2021-27618

The Integration Builder Framework of SAP Process Integration versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could...

CVE-2021-27617

The Integration Builder Framework of SAP Process Integration versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious...

CVE-2021-27616

Under certain conditions, SAP Business One Hana Chef Cookbook, versions – 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary...

CVE-2021-27614

SAP Business One Hana Chef Cookbook, versions – 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by...

CVE-2021-27613

Under certain conditions, SAP Business One Chef cookbook, version – 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data...

CVE-2021-27612

In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials...

CVE-2021-27611

SAP NetWeaver AS ABAP, versions – 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP...