CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2019-0278
https://notcve.org/view.php?id=CVE-2019-0278
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. Bajo ciertas condiciones, el Servlet de monitoreo de NetWeaver Process Integration (Sistema de Mensajería), corregido en las versiones 7.10 hasta 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permite que un atacante vea los nombres de las tablas de bases de datos usadas por la aplicación, lo que conlleva a la divulgación de información. • https://launchpad.support.sap.com/#/notes/2741201 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0275
https://notcve.org/view.php?id=CVE-2019-0275
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. SAML 1.1 SSO Demo Application en SAP NetWeaCVEr Java Application SerCVEr (J2EE-APPS), desde la CVErsión 7.10 hasta la 7.11 y en CVErsiones 7.20, 7.30, 7.31, 7.40 y 7.50, no codifica suficientemente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107362 https://launchpad.support.sap.com/#/notes/2689925 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 https://launchpad.support.sap.com/#/notes/2723142 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-2504
https://notcve.org/view.php?id=CVE-2018-2504
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. El servicio Java Web Container, de SAP NetWeaver AS, no valida contra una lista blanca la cabecera HTTP del host, lo que puede resultar en una vulnerabilidad de manipulación de la cabecera HTTP del host o de Cross-Site Scripting (XSS). La vulnerabilidad se ha solucionado en las versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50. • http://www.securityfocus.com/bid/106150 https://launchpad.support.sap.com/#/notes/2718993 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2503
https://notcve.org/view.php?id=CVE-2018-2503
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). Por defecto, el almacén de claves Java de SAP NetWeaver AS no restringe lo suficiente el acceso a recursos que deberían estar protegidos. Esto ha sido solucionado en SAP NetWeaver AS Java (ServerCore en versiones 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50). • http://www.securityfocus.com/bid/106156 https://launchpad.support.sap.com/#/notes/2658279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-862: Missing Authorization •