30 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability. • https://me.sap.com/notes/3508947 https://url.sap/sapsecuritypatchday • CWE-276: Incorrect Default Permissions •

CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity. • https://me.sap.com/notes/3504390 https://url.sap/sapsecuritypatchday • CWE-476: NULL Pointer Dereference •

CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0

Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications. • https://me.sap.com/notes/3438085 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. El servidor de aplicaciones ABAP de SAP NetWeaver, así como la plataforma ABAP, permiten a un atacante impedir que usuarios legítimos accedan a un servicio, ya sea bloqueando o inundando el servicio. Esto tiene un impacto considerable en la disponibilidad. • https://me.sap.com/notes/3359778 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 • CWE-400: Uncontrolled Resource Consumption CWE-605: Multiple Binds to the Same Port •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application. SAP NetWeaver Application Server (ABAP): versiones KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, bajo ciertas condiciones, permite a un atacante acceder a información que de otro modo podría estar restringida con baja impacto en la confidencialidad de la solicitud. • https://me.sap.com/notes/3360827 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •