CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0279
https://notcve.org/view.php?id=CVE-2019-0279
10 Apr 2019 — ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges. Los módulos de función ABAP BASIS INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, e INST_CREATE_TCPIP_RFC_DEST en SAP BASIS (corregidos en las versiones 7.0 hasta 7.02, 7.10 hasta... • https://launchpad.support.sap.com/#/notes/2753629 • CWE-862: Missing Authorization •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2494
https://notcve.org/view.php?id=CVE-2018-2494
11 Dec 2018 — Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform. Se han solucionado las comprobaciones de autorización necesarias para un usuario autenticado, que resultaban en un escalado de privilegios, en SAP Basis AS ABAP en SAP NetWeaver, del 700 al 750 y desde el 750, provistos como plataforma ABAP. • https://launchpad.support.sap.com/#/notes/2698996 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2367
https://notcve.org/view.php?id=CVE-2018-2367
01 Mar 2018 — ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs. ABAP File Interface en SAP BASIS, de la versión 7.00 a la 7.02, de la versión 7.10 a la 7.11, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.52, permite que un atacante explote la validación insuficiente de la info... • http://www.securityfocus.com/bid/103006 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-2363
https://notcve.org/view.php?id=CVE-2018-2363
09 Jan 2018 — SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials. SAP NetWeaver y SAP BASIS, desde la versión 7.00 hasta la 7.02, desde la 7.10 a la 7.11, 7.30, 7.31, 7.40 y desde la versión 7.50 a la 7.52, contiene código que... • http://www.securityfocus.com/bid/102449 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-16691
https://notcve.org/view.php?id=CVE-2017-16691
12 Dec 2017 — SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted. "La herramienta SAP Note Assistant SAP Note Assis... • http://www.securityfocus.com/bid/101822 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2017-16682
https://notcve.org/view.php?id=CVE-2017-16682
12 Dec 2017 — SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. SAP NetWeaver Internet Transaction Server (ITS), SAP Basis desde la versión 7.00 hasta la 7.02, 7.30, 7.31 y 7.40 y desde la versión 7.50 hasta la 7.52, permite que un atacante con credenciales de administrador inyecte código que puede ser... • http://www.securityfocus.com/bid/102143 • CWE-94: Improper Control of Generation of Code ('Code Injection') •