NotCVE - vendor:"Sap" product:"Netweaver" version:"701"

Page 10 of 53 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-6275

https://notcve.org/view.php?id=CVE-2020-6275

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. SAP Netweaver AS ABAP, versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, son vulnerables a un ataque de tipo Server Side Request Forgery, donde un atacante puede usar nombres de ruta inapropiados que contienen nombres de servidores maliciosos en la funcionalidad de importación/exportación de sesiones y obligan al servidor web a autenticarse con el servidor malicioso. Adicionalmente, si NTLM está configurado, el atacante puede comprometer la confidencialidad, integridad y disponibilidad de la base de datos de SAP • https://launchpad.support.sap.com/#/notes/2912939 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2020-6246

https://notcve.org/view.php?id=CVE-2020-6246

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado • https://launchpad.support.sap.com/#/notes/2878935 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2020-6213

https://notcve.org/view.php?id=CVE-2020-6213

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs. SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) reflejado, por medio de diferentes parámetros URL ya que no codifica suficientemente las entradas controladas por usuario. • https://launchpad.support.sap.com/#/notes/2872752 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

CVE-2020-6217

https://notcve.org/view.php?id=CVE-2020-6217

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada. • https://launchpad.support.sap.com/#/notes/2872545 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

CVE-2020-6229

https://notcve.org/view.php?id=CVE-2020-6229

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP (aplicación CRM_BSP_FRAME de Business Server Pages), versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, no codifica suficientemente entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada. • https://launchpad.support.sap.com/#/notes/2900374 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...8 9 10 11