CVE-2024-27901

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-35
View all →

Vulnerability Description

SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.

Related Vulnerabilities

CVE-2025-26354

HIGH
CVSS:7.2(High)

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive fil...

CWE-352025

CVE-2025-26356

HIGH
CVSS:7.2(High)

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitiv...

CWE-352025

CVE-2023-7263

HIGH
CVSS:7.3(High)

Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ...

CWE-352023

CVE-2022-36928

HIGH
CVSS:7.1(High)

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.

CWE-352022

CVE-2023-21417

HIGH
CVSS:7.1(High)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can...

CWE-352023

CVE-2023-21418

HIGH
CVSS:7.1(High)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploit...

CWE-352023