CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29108 – IP filter vulnerability in ABAP Platform and SAP Web Dispatcher
https://notcve.org/view.php?id=CVE-2023-29108
11 Apr 2023 — The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources. • https://launchpad.support.sap.com/#/notes/3315312 • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-40501
https://notcve.org/view.php?id=CVE-2021-40501
10 Nov 2021 — SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system. SAP ABAP Platform Kernel - versiones 7.77, 7.81, 7.85, 7.86, no lleva a cabo las comprobaciones de autorización necesarias para un ... • https://launchpad.support.sap.com/#/notes/3099776 • CWE-862: Missing Authorization •