CVE-2021-33720
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants...
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants...
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants...
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions). An attacker with access to the subnet of the affected device could retrieve...
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained. Date published : 2021-09-14 https://launchpad.support.sap.com/#/notes/3069882 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
Under certain conditions, SAP Business One version – 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree. Date published : 2021-09-14...
SAP Business One version – 10.0 allows a low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high...
The SAP BusinessObjects BI Platform version – 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another...
Under certain conditions, SAP Contact Center – version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code...
Under certain conditions, SAP Contact Center – version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to...
Under certain conditions, SAP Contact Center – version 700, does not sufficiently encode user-controlled inputs and persists them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses...
Due to missing encoding in SAP Contact Center’s Communication Desktop component – version 700, an attacker could send a malicious script in a chat message. When the message is accepted by the chat recipient, the script gets...
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page. Date published : 2021-09-14 https://github.com/l00neyhacker/CVE-2021-32202
A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian...
IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...