7 results (0.039 seconds)

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP Kernel (RFC), KRNL32NUC, KRNL32UC y KRNL64NUC versiones anteriores a 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, versiones anteriores a 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 y KERNEL versiones anteriores a 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) versiones anteriores a 7.5, 7.6 y SAP GUI para Java (BC-FES-JAV) anteriores a versión 7.5, permiten a un atacante impedir que usuarios legítimos accedan a un servicio, ya sea mediante el bloqueo o la inundación del servicio. • https://launchpad.support.sap.com/#/notes/2786151 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below. El servidor ABAP (utilizado en NetWeaver y Suite / ERP) y la plataforma ABAP no validan suficientemente un documento XML aceptado de una fuente no segura, lo que genera una vulnerabilidad de entidad externa XML (XEE). Se corrigió en Kernel 7.21 o 7.22, que es el Servidor ABAP 7.00 a 7.31 y Kernel 7.45, 7.49 o 7.53, que es el Servidor ABAP 7.40 a 7.52 o la Plataforma ABAP. • http://www.securityfocus.com/bid/107355 https://launchpad.support.sap.com/#/notes/2736825 https://launchpad.support.sap.com/#/notes/2870067 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. En ciertas condiciones, SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 y 7.73, permiten que un atacante transporte información que, de otra forma, estaría restringida. • http://www.securityfocus.com/bid/105090 https://launchpad.support.sap.com/#/notes/2671160 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742 •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP Gateway (SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.53) permite que un atacante evite que usuarios legítimos accedan a un servicio, ya sea inundándolo o provocando su cierre inesperado. • https://launchpad.support.sap.com/#/notes/2597913 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. Vulnerabilidad de redirección de URL en SAP Startup Service; SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.52, que permite que un atacante redirija usuarios a un sitio malicioso. • http://www.securityfocus.com/bid/102157 https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017 https://launchpad.support.sap.com/#/notes/2520995 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •