Page 10 of 60 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service. SAP NetWeaver AS ABAP, versiones 740, 750, 751, 752, 753, 754, 755, permite a un atacante no autenticado impedir que usuarios legítimos accedan a un servicio, ya sea bloqueando o inundando el servicio, esto presenta un alto impacto en la disponibilidad de el servicio • https://launchpad.support.sap.com/#/notes/3000306 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP, versiones - 740, 750, 751, 752, 753, 754, no codifica suficientemente la URL, lo que permite a un atacante ingresar un script java malicioso en la URL que podría ser ejecutado en el navegador, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://launchpad.support.sap.com/#/notes/2996479 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP (Web Dynpro), versiones: 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que revela información confidencial del sistema que podría de otro modo estar restringido a usuarios altamente privilegiados debido a una falta de autorización, resultando en una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2971954 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 • CWE-862: Missing Authorization •

CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro), versiones - 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que luego permite leer y eliminar archivos de registro de la base de datos debido a un Control de Acceso Inapropiado • https://launchpad.support.sap.com/#/notes/2971954 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 •

CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0

SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting. SAP Netweaver AS ABAP(BSP Test Application sbspext_table), versión-700,701,720,730,731,740,750,751,752,753,754,755, permite a un atacante no autenticado enviar una URL contaminada a la víctima, cuando la víctima hace clic en esta URL, el atacante puede leer, modificar la información disponible en el navegador de la víctima llevando a Reflected Cross Site Scripting • https://launchpad.support.sap.com/#/notes/2948239 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •