Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-15 | CVE-2021-33692 | Path Traversal vulnerability in SAP Cloud Connector 2.0: SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. | 7.5 |
2021-09-15 | CVE-2021-33698 | Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business ONE 10.0: SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | 8.8 |
2021-09-15 | CVE-2021-33700 | Improper Authentication vulnerability in SAP Business ONE 10.0: SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. | 7.8 |
2021-09-15 | CVE-2021-33704 | Missing Authorization vulnerability in SAP Business ONE 10.0: The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. | 8.8 |
2021-09-15 | CVE-2021-33705 | Unspecified vulnerability in SAP Netweaver Portal: The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. | 8.1 |
2021-09-15 | CVE-2021-40862 | Information Exposure vulnerability in Hashicorp Terraform Enterprise: HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. | 8.8 |
2021-09-15 | CVE-2021-29750 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0: IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2021-09-15 | CVE-2021-40965 | Cross-Site Request Forgery (CSRF) vulnerability in Tinyfilemanager Project Tinyfilemanager 2.4.6: A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload files and run OS commands by inducing the Administrator user to browse a URL controlled by an attacker. | 8.8 |
2021-09-15 | CVE-2020-21126 | Cross-Site Request Forgery (CSRF) vulnerability in Metinfo 7.0.0: MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=admin&c=index&a=doSaveInfo. | 8.8 |
2021-09-15 | CVE-2021-27045 | Out-of-bounds Read vulnerability in Autodesk Navisworks: A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. | 7.8 |