Security Vulnerabilities - CVEs Published In October 2023
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2023-10-10
An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page.
CVSS Score: 8.8 | EPSS Score: 0.471 | Published: 2023-10-10
The Statutory Reporting application has a vulnerable file storage location, potentially enabling a low-privileged attacker to read server files with minimal impact on confidentiality.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2023-10-10
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-10-10
SAP PowerDesigner Client - version 16.7, does not sufficiently validate a BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in the BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2023-10-10
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the detailed stack trace of the fault message to conduct XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on confidentiality and no impact on integrity and availability.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2023-10-10
S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2023-10-10
SAP BusinessObjects Web Intelligence - version 420, has a URL with a parameter that could be vulnerable to an XSS attack. The attacker could send a malicious link to a user that would possibly allow the attacker to retrieve sensitive information.
CVSS Score: 6.8 | EPSS Score: 0.002 | Published: 2023-10-10
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2023-10-10
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2023-10-10