CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2019-0349
https://notcve.org/view.php?id=CVE-2019-0349
14 Aug 2019 — SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check Kernel de SAP (ABAP Debugger), versiones KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22... • https://launchpad.support.sap.com/#/notes/2798743 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2019-0304
https://notcve.org/view.php?id=CVE-2019-0304
12 Jun 2019 — FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application. La función FTP de SAP NetWeaver AS ABAP Platform, versiones- K... • https://launchpad.support.sap.com/#/notes/2719530 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-0271
https://notcve.org/view.php?id=CVE-2019-0271
12 Mar 2019 — ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below. El servidor ABA... • http://www.securityfocus.com/bid/107355 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2019-0270
https://notcve.org/view.php?id=CVE-2019-0270
12 Mar 2019 — ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04. El servidor ABAP de SAP NetWeaver y ABAP Platform no... • http://www.securityfocus.com/bid/107377 • CWE-862: Missing Authorization •
CVSS: 4.9EPSS: 0%CPEs: 25EXPL: 0CVE-2019-0265
https://notcve.org/view.php?id=CVE-2019-0265
15 Feb 2019 — SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75. El registro SLD de ABAP Platform permite que un atacante evite que usuarios legítimos accedan a un servicio, ya se... • http://www.securityfocus.com/bid/106972 • CWE-611: Improper Restriction of XML External Entity Reference •