CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6185
https://notcve.org/view.php?id=CVE-2020-6185
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. Bajo determinadas condiciones, ABAP Online Community en SAP NetWeaver (SAP_BASIS versión 7.40) y SAP S/4HANA (SAP_BASIS versiones 7.50, 7.51, 7.52, 7.53, 7.54), permite a un atacante autenticado almacenar una carga útil maliciosa que resulta en una vulnerabilidad de tipo Cross Site Scripting Almacenado. • https://launchpad.support.sap.com/#/notes/2880869 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6181
https://notcve.org/view.php?id=CVE-2020-6181
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. En algunas circunstancias, la implementación de SSO SAML en SAP NetWeaver (SAP_BASIS versiones 702, 730, 731, 740 y SAP ABAP Platform (SAP_BASIS versiones 750, 751, 752, 753, 754), permite a un atacante incluir datos invalidados en encabezado de respuesta HTTP enviado a un usuario Web, conllevando a una vulnerabilidad de División de Respuesta HTTP. • https://launchpad.support.sap.com/#/notes/2880744 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6184
https://notcve.org/view.php?id=CVE-2020-6184
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Bajo determinadas condiciones, ABAP Online Community en SAP NetWeaver (SAP_BASIS versión 7.40) y SAP S/4HANA (SAP_BASIS versiones 7.50, 7.51, 7.52, 7.53, 7.54), no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado. • https://launchpad.support.sap.com/#/notes/2863397 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-6304
https://notcve.org/view.php?id=CVE-2020-6304
Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. Una comprobación de entrada inapropiada en SAP NetWeaver Internet Communication Manager (actualización proporcionada en KRNL32NUC & KRNL32UC versiones 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC & KRNL64UC versiones 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KERNEL versiones 7.21, 7.49, 7.53), permite a un atacante impedir a usuarios acceder a sus servicios por medio de una denegación de servicio. • https://launchpad.support.sap.com/#/notes/2848498 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0318
https://notcve.org/view.php?id=CVE-2019-0318
Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones SAP NetWeaver Application Server para Java (Framework Startup), versiones 7.21, 7.22, 7.45, 7.49 y 7.53, permite a un atacante acceder a información que de otra manera estaría restringida. • http://www.securityfocus.com/bid/109069 https://launchpad.support.sap.com/#/notes/2738791 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 •