VYPR

Successfactors

by SAP

CVEs (2)

  • CVE-2017-9613MedJun 15, 2017
    risk 0.35cvss 5.4epss 0.01

    Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.

  • CVE-2022-35291Jul 27, 2022
    risk 0.00cvss epss 0.01

    Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and…