CVE-2023-29189

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-23
View all →

Vulnerability Description

SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields

Related Vulnerabilities

CVE-2020-3597

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. ...

CWE-232020

CVE-2024-52012

MEDIUM
CVSS:5.4(Medium)

Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" A...

CWE-232024

CVE-2025-24343

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system pat...

CWE-232025

CVE-2025-43016

MEDIUM
CVSS:5.4(Medium)

In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session

CWE-232025

CVE-2020-1904

MEDIUM
CVSS:5.5(Medium)

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafte...

CWE-232020

CVE-2022-34378

MEDIUM
CVSS:5.5(Medium)

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially e...

CWE-232022