CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2020-6229
https://notcve.org/view.php?id=CVE-2020-6229
14 Apr 2020 — SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP (aplicación CRM_BSP_FRAME de Business Server Pages), versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, no codifica suficientemente entradas controladas por el usuario, re... • https://launchpad.support.sap.com/#/notes/2900374 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2020-6215 – SAP Application Server ABAP Open Redirection
https://notcve.org/view.php?id=CVE-2020-6215
14 Apr 2020 — SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, permite a un atacante redireccionar a usuarios hacia un sitio malicioso debido... • https://packetstorm.news/files/id/174985 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-6205
https://notcve.org/view.php?id=CVE-2020-6205
10 Mar 2020 — SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability. SAP Ne... • https://launchpad.support.sap.com/#/notes/2884910 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6181
https://notcve.org/view.php?id=CVE-2020-6181
12 Feb 2020 — Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. En algunas circunstancias, la implementación de SSO SAML en SAP NetWeaver (SAP_BASIS versiones 702, 730, 731, 740 y SAP ABAP Platform (SAP_BASIS versiones 750, 751, 752, 753, 754), permi... • https://launchpad.support.sap.com/#/notes/2880744 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0321
https://notcve.org/view.php?id=CVE-2019-0321
10 Jul 2019 — ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. ABAP Server y ABAP Platform (SAP Basis), versiones 7.31, 7.4, 7.5, no codifican de manera suficiente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-site scripting (XSS). • http://www.securityfocus.com/bid/109078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-0257
https://notcve.org/view.php?id=CVE-2019-0257
15 Feb 2019 — Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. La funcionalidad de personalización de SAP NetWeaver AS ABAP Platform (solucionado en versiones desde la 7.0 hasta la 7.02, desde la 7.10 hasta la 7.11, la 7.30, 7.31, 7.40, desde la 7.50 hasta la 7.53 y desde la 7.74 hasta la... • http://www.securityfocus.com/bid/106999 • CWE-862: Missing Authorization •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9843
https://notcve.org/view.php?id=CVE-2017-9843
12 Jul 2017 — SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841. SAP NetWeaver AS ABAP versión 7.40 permite que los usuarios autenticados remotos con ciertos privilegios causen una denegación de servicio (bloqueo del proceso) por medio de vectores que incluyen disp+work.exe, también se conoce como Nota de Seguridad de SAP 2406841. • http://www.securityfocus.com/bid/96900 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2015-4158
https://notcve.org/view.php?id=CVE-2015-4158
02 Jun 2015 — SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. SAP ABAP & Java Server permite a atacantes remotos causar una denegación de servicio (terminación de servicio) a través de vectores no especificado, también conocido como la nota de seguridad de SAP 2121661. • http://seclists.org/fulldisclosure/2015/May/96 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 4CVE-2015-2278 – SAP LZC/LZH Compression Denial of Service
https://notcve.org/view.php?id=CVE-2015-2278
13 May 2015 — The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. La implementación LZH decompression ... • http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 4CVE-2015-2282 – SAP LZC/LZH Compression Denial of Service
https://notcve.org/view.php?id=CVE-2015-2282
13 May 2015 — Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. Desbordamiento de buffer ... • http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •