CVE-2024-47593

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability.

Related Vulnerabilities

CVE-2012-1157

MEDIUM
CVSS:4.3(Medium)

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

CWE-2762012

CVE-2013-4764

MEDIUM
CVSS:4.3(Medium)

Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.

CWE-2762013

CVE-2017-9505

MEDIUM
CVSS:4.3(Medium)

Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Conflu...

CWE-2762017

CVE-2019-10465

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine wh...

CWE-2762019

CVE-2019-10473

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CWE-2762019

CVE-2019-10474

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.

CWE-2762019