CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-33005 – Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server
https://notcve.org/view.php?id=CVE-2024-33005
13 Aug 2024 — Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications. Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and J... • https://me.sap.com/notes/3438085 • CWE-862: Missing Authorization •
CVSS: 8.2EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4603
https://notcve.org/view.php?id=CVE-2009-4603
12 Jan 2010 — Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. vulnerabilidad inespecífica en sapstartsrv.exe en el kernel SAP v6.40, v7.00, v7.01, v7.10, v7.11, y v7.20, tal y como se utiliza en SAP NetWeaver v7.x y SAP W... • http://secunia.com/advisories/37684 •
CVSS: 6.1EPSS: 89%CPEs: 3EXPL: 2CVE-2008-2421 – SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2421
23 May 2008 — Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Web GUI en SAP Web Aplication Server (WAS) 7.0, Web Dynpro para ABAP (también conocido como WD4A o WDA), y Web Dynpro para BSP permite a atacantes ... • https://www.exploit-db.com/exploits/31816 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 5%CPEs: 7EXPL: 0CVE-2007-3615
https://notcve.org/view.php?id=CVE-2007-3615
06 Jul 2007 — Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. El Internet Communication Manager (también conocido como ICMAN.exe o ICM) en el SAP NetWeaver Application Server 6.x y 7.x, posiblemente sólo bajo Windows, permite a atacantes remotos provocar una denegac... • http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0105.html •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2006-6010 – SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering
https://notcve.org/view.php?id=CVE-2006-6010
21 Nov 2006 — SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. SAP permite a atacantes remotos obtener información potencialmente sensible tal como la versión de sistema operativo y SAP, mediante una petición RFC_SYSTEM_INFO RfcCallReceive, una vulnerabilidad distinta de CVE-2003-0747. • https://packetstorm.news/files/id/180986 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6011
https://notcve.org/view.php?id=CVE-2006-6011
21 Nov 2006 — Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. Vulnerabilidad no especificada en SAP Web Application Server anterior a 6.40 patch 6 permite a atacantes remotos provocar una denegación de servicio (cierre de enserver.exe) mediante un determinado paquete UDP enviado al puerto 64999, también conoci... • http://securityreason.com/securityalert/1889 •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 1CVE-2006-5784 – SAP Web Application Server 6.40 - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2006-5784
07 Nov 2006 — Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user. Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos leer ficheros de su elecc... • https://www.exploit-db.com/exploits/3291 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2006-5785
https://notcve.org/view.php?id=CVE-2006-5785
07 Nov 2006 — Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999. Vulnerabilidad no especificada en SAP Web Application Server 6.40 anterior al parche 136 y 7.00 anterior al parche 66 permite a atacantes remotos provocar una denegación de servicio (caída enserver.exe) mediante vectores no especificados. • http://secunia.com/advisories/22677 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 1CVE-2006-1039 – SAP Web Application Server 6.x/7.0 - Input Validation
https://notcve.org/view.php?id=CVE-2006-1039
07 Mar 2006 — SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. • https://www.exploit-db.com/exploits/27887 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 5%CPEs: 4EXPL: 2CVE-2005-3634 – SAP Web Application Server 6.x/7.0 - Open Redirection
https://notcve.org/view.php?id=CVE-2005-3634
16 Nov 2005 — frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. frameset.htm en soporte de tiempo de ejecución BSP de SAP Web Application Server (WAS) 6.10 a 7.00 permite a atacantes remotos cerrar la sesión de otros usuarios y redirigirlos a sitios web arbitrarios mediante un comando de cierre en el parámetro sap-... • https://www.exploit-db.com/exploits/26488 •