CVE-2025-27428

HIGH Year: 2025
CVSS v3 Score
7.7
High
Weakness Type
CWE-862
View all →

Vulnerability Description

Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on confidentiality. There is no impact on integrity or availability.

Related Vulnerabilities

CVE-2023-2590

HIGH
CVSS:7.7(High)

Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.

CWE-8622023

CVE-2023-42358

HIGH
CVSS:7.7(High)

An issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API co...

CWE-8622023

CVE-2023-51418

HIGH
CVSS:7.7(High)

Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6.

CWE-8622023

CVE-2023-51500

HIGH
CVSS:7.7(High)

Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8.

CWE-8622023

CVE-2023-52713

HIGH
CVSS:7.7(High)

Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

CWE-8622023

CVE-2024-0452

HIGH
CVSS:7.7(High)

The AI ChatBot plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the openai_file_upload_callback function in all versions up to, and includin...

CWE-8622024