NotCVE - vendor:"Sap" product:"Basis" version:"7.52"

4 results (0.003 seconds)

CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-41264

https://notcve.org/view.php?id=CVE-2022-41264

13 Dec 2022 — Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application. Debido al alcance ilimitado del módulo de función... • https://launchpad.support.sap.com/#/notes/3268172 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2020-6307

https://notcve.org/view.php?id=CVE-2020-6307

14 Jan 2020 — Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. Automated Note Search Tool (actualización proporcionada en SAP Basis versiones 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 y 7.54), no realiza suficientes comprobaciones de autorización conllevando a la lectura de información confidencial. • https://launchpad.support.sap.com/#/notes/2863397 • CWE-863: Incorrect Authorization •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0

CVE-2019-0248

https://notcve.org/view.php?id=CVE-2019-0248

08 Jan 2019 — Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-2478

https://notcve.org/view.php?id=CVE-2018-2478

13 Nov 2018 — An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the adm user. The commands executed depend upon the privileges of the adm user. Un atacante puede emplear entradas especialmente manipuladas para ejecutar comandos en el host de una instalación TREX/BWA, SAP Basis, en versiones 7.0 a 7.02, 7.10 a... • http://www.securityfocus.com/bid/105904 •