Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-49587
Publication date:
12/12/2023
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2023

CVE-2023-50422
Publication date:
12/12/2023
SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2024

CVE-2023-50423
Publication date:
12/12/2023
SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2024

CVE-2023-49584
Publication date:
12/12/2023
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/12/2023

CVE-2023-49577
Publication date:
12/12/2023
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2023

CVE-2023-49578
Publication date:
12/12/2023
SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity  of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2024

CVE-2023-49580
Publication date:
12/12/2023
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2024

CVE-2023-49581
Publication date:
12/12/2023
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2024

CVE-2023-49583
Publication date:
12/12/2023
SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2024

CVE-2023-46219
Publication date:
12/12/2023
When saving HSTS data to an excessively long file name, curl could end up<br /> removing all contents, making subsequent requests using that file unaware of<br /> the HSTS status they should otherwise use.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2023-42927
Publication date:
12/12/2023
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2023

CVE-2023-49058
Publication date:
12/12/2023
SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2023
Subscribe to Vulnerabilities