CVSS: 6.4EPSS: 0%CPEs: 14EXPL: 0CVE-2023-24529
https://notcve.org/view.php?id=CVE-2023-24529
14 Feb 2023 — Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information. • https://launchpad.support.sap.com/#/notes/3282663 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-21488
https://notcve.org/view.php?id=CVE-2021-21488
09 Mar 2021 — Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability. Knowledge Management versiones 7.01, 7.02, 7.30, 7.31, 7.40, 7.50, permiten a un atacante remoto con privilegios básicos deserializar unos datos controlados por el usuario sin comprobación, conllevando a una deserialización no segura qu... • https://launchpad.support.sap.com/#/notes/2983436 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6263
https://notcve.org/view.php?id=CVE-2020-6263
10 Jun 2020 — Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. Los clientes dedicados que se conectan a SAP NetWeaver AS Java por medio del protocolo P4, versiones (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.... • https://launchpad.support.sap.com/#/notes/2878568 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6225
https://notcve.org/view.php?id=CVE-2020-6225
14 Apr 2020 — SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal. SAP NetWeaver (Knowledge Management), versiones (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7... • https://launchpad.support.sap.com/#/notes/2896682 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-6205
https://notcve.org/view.php?id=CVE-2020-6205
10 Mar 2020 — SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability. SAP Ne... • https://launchpad.support.sap.com/#/notes/2884910 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2470
https://notcve.org/view.php?id=CVE-2018-2470
09 Oct 2018 — In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. En SAP NetWeaver Application Server for ABAP desde la versión 7.0 hasta la 7.02, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.53, las aplicaciones no cifran lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 0CVE-2016-10311
https://notcve.org/view.php?id=CVE-2016-10311
10 Apr 2017 — Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. El desbordamiento de búfer basado en pila en SAP NetWeaver desde 7.0 hasta la versión 7.5 permite a atacantes remotos causar una denegación de servicio () enviando un paquete manipulado al puerto SAPSTARTSRV, también conocido como Nota de seguridad de SAP 2295238. • https://erpscan.io/advisories/erpscan-16-030-sap-netweaver-sapstartsrv-stack-based-buffer-overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2016-4015 – SAP NetWeaver Enqueue Server 7.4 Denial of Service
https://notcve.org/view.php?id=CVE-2016-4015
14 Apr 2016 — The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. El Enqueue Server en SAP NetWeaver JAVA AS 7.1 hasta la versión 7.4 permite a atacantes remotos causar una denegación de servicio (caída de proceso) a través de una petición manipulada, también conocida como SAP Security Note 2258784. SAP NetWeaver Enqueue Server version 7.4 suffers from a denial of service vulnerability. • https://erpscan.io/advisories/erpscan-16-019-sap-netweaver-enqueue-server-dos-vulnerability •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0CVE-2015-2815 – SAP NetWeaver Dispatcher Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-2815
01 Apr 2015 — Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. Desbordamiento de buffer en la función C_SAPGPARAM en NetWeaver Dispatcher en SAP KERNEL 7.00 (7000.52.12.34966) y 7.40 (7400.12.21.30308) permite a usuarios remotos autenticados causar una denegación de servicio o posib... • http://packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 29%CPEs: 2EXPL: 5CVE-2014-0995 – SAP NetWeaver Enqueue Server - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0995
16 Oct 2014 — The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. El servidor Standalone Enqueue en SAP Netweaver 7.20, 7.01, y anteriores permite a atacantes remotos causar una denegación de servicio (recursión sin control y caída) a través de un nivel de traza con un comodín en la pauta de traza (Trace Pattern). Core Security Technologies Advisory - A vulnera... • https://packetstorm.news/files/id/128726 • CWE-20: Improper Input Validation •