
CVSS: 9.0 • EPSS: 0% • CPEs: 9 • EXPL: 0

08 Aug 2023 — The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable. • https://me.sap.com/notes/3344295 • CWE-285: Improper Authorization • CWE-863: Incorrect Authorization

CVSS: 10.0 • EPSS: 41% • CPEs: 1 • EXPL: 2

09 Jul 2007 — Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group. • https://www.exploit-db.com/exploits/30265