CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 3CVE-2022-27668 – SAP SAProuter Improper Access Control
https://notcve.org/view.php?id=CVE-2022-27668
14 Jun 2022 — Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. Dependiendo de la configuración de la tabla de permisos de ruta en el archivo "sapr... • https://packetstorm.news/files/id/168406 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-8589
https://notcve.org/view.php?id=CVE-2014-8589
04 Nov 2014 — Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests. Desbordamiento de enteros en SAP Network Interface Router (SAProuter) 40.4 permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de solicitudes manipuladas. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition • CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 5%CPEs: 3EXPL: 3CVE-2014-0984 – SAP Router - Timing Attack Password Disclosure
https://notcve.org/view.php?id=CVE-2014-0984
16 Apr 2014 — The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first incorrect character, which allows remote attackers to obtain passwords via a brute-force attack that relies on timing differences in responses to incorrect password guesses, aka a timing side-channel attack. La función passwordCheck en SAP Router 721 patch 117, 720 patch 411, 710 patch 029, y anteriores termina la valid... • https://packetstorm.news/files/id/126194 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7093
https://notcve.org/view.php?id=CVE-2013-7093
13 Dec 2013 — SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. SAP Network Interface Router (SAProuter) 39.3 SP4 permite a atacantes remotos evitar la autenticación y modificar la configuración a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2013-6817
https://notcve.org/view.php?id=CVE-2013-6817
19 Nov 2013 — Heap-based buffer overflow in SAP Network Interface Router (SAProuter) 7.30 allows remote attackers to cause a denial of service and execute arbitrary code via crafted NI Route messages. Desbordamiento de búfer basado en memoria dinámica en SAP Network Interface Router (SAProuter) 7.30 permite a atacantes remotos provocar una denegación de servicio y ejecutar código arbitrario a través de mensajes NI Route manipulados. • http://scn.sap.com/docs/DOC-8218 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •