
CVSS: 6.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

• http://www.securityfocus.com/bid/105551
• https://launchpad.support.sap.com/#/notes/2684760
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 7 | EXPL: 0

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability.

• http://www.securityfocus.com/bid/105325
• https://launchpad.support.sap.com/#/notes/2623846
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.7 | EPSS: 0% | CPEs: 11 | EXPL: 0

SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user-controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.

• http://www.securityfocus.com/bid/104130
• https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018
• https://launchpad.support.sap.com/#/notes/2550202
• CWE-172: Encoding Error

CVSS: 9.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.

• http://www.securityfocus.com/bid/103000
• https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018
• https://launchpad.support.sap.com/#/notes/2565622
• CWE-306: Missing Authentication for Critical Function

CVSS: 6.5 | EPSS: 1% | CPEs: 2 | EXPL: 0

Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.

• http://packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html
• http://seclists.org/fulldisclosure/2015/Jun/61
• http://www.securityfocus.com/archive/1/535825/100/800/threaded
• http://www.securityfocus.com/bid/73897
• https://erpscan.io/advisories/erpscan-15-003-sapkernel-c_sapgparam-rce-dos
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer