NotCVE - vendor:"Sap" product:"Sapscore"

8 results (0.004 seconds)

CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0

CVE-2023-29188 – Cross-Site Scripting (XSS) vulnerability in SAP CRM WebClient UI

https://notcve.org/view.php?id=CVE-2023-29188

SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data. • https://i7p.wdf.sap.corp/sap/support/notes/3315979 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2022-31597

https://notcve.org/view.php?id=CVE-2022-31597

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. Dentro de SAP S/4HANA - versiones S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE versión 127, la extensión de la aplicación de socios comerciales para España/Eslovaquia no lleva a cabo las comprobaciones de autorización necesarias para un usuario autenticado con pocos privilegios a través de la red, resultando en una escalada de privilegios que presenta un impacto bajo en la confidencialidad e integridad de los datos • https://launchpad.support.sap.com/#/notes/3213826 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-862: Missing Authorization •

CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 4

CVE-2021-33701 – SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection

https://notcve.org/view.php?id=CVE-2021-33701

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. DMIS Mobile Plug-In o SAP S/4HANA, versiones - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, permite a un atacante con acceso a una cuenta altamente privilegiada ejecutar una consulta manipulada en la herramienta NDZT para conseguir acceso a la cuenta Superuser, conllevando a una vulnerabilidad de Inyección SQL, que presenta un gran impacto en la Confidencialidad, Integridad y Disponibilidad de los sistemas SAP Netweaver suffers from a remote ADBC SQL injection vulnerability in IUUC_RECON_RC_COUNT_TABLE_BIG. Other software and various versions are also affected. • http://packetstormsecurity.com/files/165303/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-SQL-Injection.html http://packetstormsecurity.com/files/165304/SAP-Netweaver-IUUC_RECON_RC_COUNT_TABLE_BIG-ABAP-Code-Injection.html http://seclists.org/fulldisclosure/2021/Dec/35 http://seclists.org/fulldisclosure/2021/Dec/36 https://launchpad.support.sap.com/#/notes/3078312 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 19EXPL: 0

CVE-2018-2484

https://notcve.org/view.php?id=CVE-2018-2484

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. SAP Enterprise Financial Services (solucionado en SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) no realiza las comprobaciones necesarias de autorización para un usuario autenticado, lo que resulta en un escalado de privilegios. • http://www.securityfocus.com/bid/106477 https://launchpad.support.sap.com/#/notes/2662687 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 • CWE-862: Missing Authorization •

CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0

CVE-2019-0244

https://notcve.org/view.php?id=CVE-2019-0244

SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP CRM WebClient UI (solucionado en SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) no valida suficientemente los campos ocultos controlados por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/106473 https://launchpad.support.sap.com/#/notes/2588763 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2