CVE-2023-24527
Es bestehen mehrere Schwachstellen in SAP-Software. Diese Schwachstellen bestehen in verschiedenen Komponenten wie NetWeaver, BusinessObjects Business Intelligence oder Enterprise Project Connection, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie Path-Traversal-Probleme, fehlende Berechtigungsprüfungen oder eine unsachgemäße Eingabevalidierung und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting- und Spoofing-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen preiszugeben und einen Denial-of-Service-Zustand zu verursachen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion oder ein bestimmtes Maß an Berechtigungen, um erfolgreich ausgenutzt zu werden.
EPSS 0.34% · 57.4th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | SAP Software |
Exploit Intelligence
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
- cve-2015-9251 (github-poc)
- This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions. (github-poc)
- This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions. (github-poc)
- This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions. (github-poc)
- This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions. (github-poc)
…and 93 more exploits
Timeline
- Apr 11, 2023 EPSS Score
- Apr 11, 2023 CVE Published
- May 19, 2023 EPSS Score
- Jun 26, 2023 EPSS Score
- Aug 2, 2023 EPSS Score
- Sep 9, 2023 EPSS Score
- Oct 17, 2023 EPSS Score
- Oct 21, 2023 PoC Published
- Nov 24, 2023 EPSS Score
- Dec 31, 2023 EPSS Score
- Feb 7, 2024 EPSS Score
- Mar 16, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0904.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0904 advisory
- https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0307.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0307 advisory
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html advisory