{"vulnerability": "cve-2024-4237", "sightings": [{"uuid": "0e9ab7c3-35f7-42cc-9269-05f0efc82341", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42372", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113469173654682869", "content": "", "creation_timestamp": "2024-11-12T09:03:06.271472Z"}, {"uuid": "1ec347f9-cefb-4afc-9350-61ce9ba814c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42372", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113467161743274259", "content": "", "creation_timestamp": "2024-11-12T00:31:27.148467Z"}, {"uuid": "51d6be06-e817-47de-84e6-fb629adb14bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42373", "type": "seen", "source": "https://t.me/cvedetector/2961", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42373 - SAP Student Life Cycle Management Privilege Escalation Weakness\", \n  \"Content\": \"CVE ID : CVE-2024-42373 \nPublished : Aug. 13, 2024, 5:15 a.m. | 32\u00a0minutes ago \nDescription : SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to delete non-sensitive report variants that are typically restricted, causing minimal impact on the integrity of the application. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T07:54:19.000000Z"}, {"uuid": "dcd11f3e-2e17-4634-a164-565097c419d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42372", "type": "seen", "source": "https://t.me/cvedetector/10564", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42372 - SAP NetWeaver AS Java System Landscape Directory Missing Authorization Check Vulnerability (Information Disclosure and Manipulation)\", \n  \"Content\": \"CVE ID : CVE-2024-42372 \nPublished : Nov. 12, 2024, 1:15 a.m. | 37\u00a0minutes ago \nDescription : Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-12T02:59:00.000000Z"}, {"uuid": "20eec063-333e-4ec4-bcd7-7f24199ce82f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42371", "type": "seen", "source": "https://t.me/cvedetector/5156", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42371 - \"Apache Workplace Favourites Deletion\" (Note: This is a straightforward title that combines the product name \"Apache\" with a descriptive phrase that summarizes the vulnerability)\", \n  \"Content\": \"CVE ID : CVE-2024-42371 \nPublished : Sept. 10, 2024, 3:15 a.m. | 35\u00a0minutes ago \nDescription : The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T05:52:00.000000Z"}, {"uuid": "9764be08-f2e5-4a9e-9a3e-11cadc89b390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42378", "type": "seen", "source": "https://t.me/cvedetector/5153", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42378 - SAP S/4HANA Reflected Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-42378 \nPublished : Sept. 10, 2024, 3:15 a.m. | 35\u00a0minutes ago \nDescription : Due to weak encoding of user-controlled inputs, eProcurement on SAP S/4HANA allows malicious scripts to be executed in the application, potentially leading to a Reflected Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"10 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-10T05:51:58.000000Z"}, {"uuid": "f9141091-2a9e-4c40-90ac-9717b2fd4053", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42375", "type": "seen", "source": "https://t.me/cvedetector/2949", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42375 - SAP BusinessObjects Business Intelligence Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42375 \nPublished : Aug. 13, 2024, 4:15 a.m. | 40\u00a0minutes ago \nDescription : SAP BusinessObjects Business Intelligence  \n  Platform allows an authenticated attacker to upload malicious code over the  \n  network, that could be executed by the application. On successful exploitation,  \n  the attacker can cause a low impact on the Integrity of the application. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T07:03:55.000000Z"}, {"uuid": "90de25f1-83eb-41eb-a9db-33a72bbe71c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42376", "type": "seen", "source": "https://t.me/cvedetector/2948", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42376 - SAP Shared Service Framework Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42376 \nPublished : Aug. 13, 2024, 4:15 a.m. | 40\u00a0minutes ago \nDescription : SAP Shared Service Framework does not perform necessary  \nauthorization check for an authenticated user, resulting in escalation of  \nprivileges. On successful exploitation, an attacker can cause a high impact on  \nconfidentiality of the application. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T07:03:54.000000Z"}, {"uuid": "6a61774c-b876-4455-9844-38e4679759e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42374", "type": "seen", "source": "https://t.me/cvedetector/2947", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42374 - SAP BEx Web Java Runtime XSST\", \n  \"Content\": \"CVE ID : CVE-2024-42374 \nPublished : Aug. 13, 2024, 4:15 a.m. | 40\u00a0minutes ago \nDescription : BEx Web Java Runtime Export Web Service does not  \nsufficiently validate an XML document accepted from an untrusted source. An  \nattacker can retrieve information from the SAP ADS system and exhaust the  \nnumber of XMLForm service which makes the SAP ADS rendering (PDF creation)  \nunavailable. This affects the confidentiality and availability of the  \napplication. \nSeverity: 8.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T07:03:53.000000Z"}, {"uuid": "e02f1085-317f-43db-ba1a-d7720c9eb6cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42377", "type": "seen", "source": "https://t.me/cvedetector/2946", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42377 - SAP Shared Service Framework Elevated Privileges Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42377 \nPublished : Aug. 13, 2024, 4:15 a.m. | 40\u00a0minutes ago \nDescription : SAP shared service framework allows an  \nauthenticated non-administrative user to call a remote-enabled function, which  \nwill allow them to insert value entries into a non-sensitive table, causing low  \nimpact on integrity of the application \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T07:03:52.000000Z"}]}