CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28217
https://notcve.org/view.php?id=CVE-2022-28217
13 Jun 2022 — Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by causing system to crash. Alguna parte de SAP NetWeaver (EP Web Page Composer) no valida suficientemente un documento XML aceptado desde una fuente no fiable, lo que permite a un adversario explotar el estacionamiento... • https://launchpad.support.sap.com/#/notes/3148377 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2022-28772
https://notcve.org/view.php?id=CVE-2022-28772
12 Apr 2022 — By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. Mediante valores de entrada demasiado largos, un atacante puede forzar la sobreescritura de la pila interna del programa en SAP Web... • https://launchpad.support.sap.com/#/notes/3111311 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2022-28773
https://notcve.org/view.php?id=CVE-2022-28773
12 Apr 2022 — Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. Debido a una recursión no controlada en SAP Web Dispatcher y SAP Internet Communication Manager, la aplicación puede bloquearse, conllevando a una denegación de servicio, pero puede reiniciarse automáticamente • https://launchpad.support.sap.com/#/notes/3111293 • CWE-674: Uncontrolled Recursion •
CVSS: 9.9EPSS: 88%CPEs: 4EXPL: 2CVE-2021-38163 – SAP NetWeaver Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2021-38163
14 Sep 2021 — SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable. SAP NetWeaver (Visual Composer 7.0 RT) versiones - 7.30, 7.31, 7.40,... • https://github.com/core1impact/CVE-2021-38163 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21481
https://notcve.org/view.php?id=CVE-2021-21481
09 Mar 2021 — The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability. MigrationService, que forma parte de SAP NetWeaver versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no lleva a cabo una comprobación de aut... • https://launchpad.support.sap.com/#/notes/3022422 • CWE-863: Incorrect Authorization •
CVSS: 7.7EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6285
https://notcve.org/view.php?id=CVE-2020-6285
14 Jul 2020 — SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. SAP NetWeaver - XML ??Toolkit for JAVA (ENGINEAPI) (versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), bajo determinadas condiciones, permite a un atacante acceder a información que de otro modo estaría restringida, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2932473 •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2020-6203
https://notcve.org/view.php?id=CVE-2020-6203
10 Mar 2020 — SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. SAP NetWeaver UDDI Server (Services Registry), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; permite a un atacante explotar la comprobación insuficiente de la información de la ruta proporci... • https://launchpad.support.sap.com/#/notes/2806198 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2019-0351
https://notcve.org/view.php?id=CVE-2019-0351
14 Aug 2019 — A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. Se prese... • https://launchpad.support.sap.com/#/notes/2800779 •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
08 Jan 2019 — Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2477
https://notcve.org/view.php?id=CVE-2018-2477
13 Nov 2018 — Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. Knowledge Management (XMLForms) en SAP NetWeaver, 7.30, 7.31, 7.40 y 7.50 no valida lo suficiente un documento XML aceptado de una fuente no fiable. • http://www.securityfocus.com/bid/105901 • CWE-91: XML Injection (aka Blind XPath Injection) •