VYPR

RFC enabled function module

by SAP

CVEs (5)

  • CVE-2024-44117MedSep 10, 2024
    risk 0.35cvss 5.4epss 0.00

    The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.

  • CVE-2024-42371MedSep 10, 2024
    risk 0.35cvss 5.4epss 0.00

    The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and…

  • CVE-2024-44116MedSep 10, 2024
    risk 0.28cvss 4.3epss 0.00

    The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the…

  • CVE-2024-44115MedSep 10, 2024
    risk 0.28cvss 4.3epss 0.00

    The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the…

  • CVE-2024-42380MedSep 10, 2024
    risk 0.28cvss 4.3epss 0.00

    The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application.