Page 10 of 64 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. SAP NetWeaver ABAP Server y ABAP Platform, versiones - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, no crea información sobre el usuario RFC interno y externo en un formato consistente y distinguible, lo que podría conllevar a una autenticación inapropiada y podría ser explotado por usuarios maliciosos para obtener acceso ilegítimo al sistema • https://launchpad.support.sap.com/#/notes/3007182 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 • CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 1%CPEs: 13EXPL: 2

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform. SAP NetWeaver AS ABAP y ABAP Platform, versiones - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contiene el módulo de función SRM_RFC_SUBMIT_REPORT que no comprueba la autorización de un usuario autenticado por lo tanto permitir a un usuario no autorizado ejecutar reportes en la plataforma SAP NetWeaver ABAP The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected. • http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html http://seclists.org/fulldisclosure/2022/May/42 https://launchpad.support.sap.com/#/notes/3002517 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 • CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service. SAP NetWeaver AS ABAP, versiones 740, 750, 751, 752, 753, 754, 755, permite a un atacante no autenticado impedir que usuarios legítimos accedan a un servicio, ya sea bloqueando o inundando el servicio, esto presenta un alto impacto en la disponibilidad de el servicio • https://launchpad.support.sap.com/#/notes/3000306 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP, versiones - 740, 750, 751, 752, 753, 754, no codifica suficientemente la URL, lo que permite a un atacante ingresar un script java malicioso en la URL que podría ser ejecutado en el navegador, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://launchpad.support.sap.com/#/notes/2996479 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP (Web Dynpro), versiones: 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que revela información confidencial del sistema que podría de otro modo estar restringido a usuarios altamente privilegiados debido a una falta de autorización, resultando en una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2971954 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 • CWE-862: Missing Authorization •