CVSS: 4.9 • EPSS: 0% • CPEs: 7 • EXPL: 0

The Integration Builder Framework of SAP Process Integration, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of a file uploaded from a local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.

• https://launchpad.support.sap.com/#/notes/3012021
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions 7.10, 7.30, 7.31, 7.40, 7.50, allow an attacker to access information under certain conditions, which would otherwise be restricted.

• https://launchpad.support.sap.com/#/notes/3012277
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

CVSS: 7.7 • EPSS: 0% • CPEs: 6 • EXPL: 0

To prevent an XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends referring to this note.

• https://launchpad.support.sap.com/#/notes/3036436
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
• CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.4 • EPSS: 0% • CPEs: 6 • EXPL: 0

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user.

• https://launchpad.support.sap.com/#/notes/3001824
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

CVSS: 5.4 • EPSS: 0% • CPEs: 6 • EXPL: 0

SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attacker does not have control over kind or degree.

• https://launchpad.support.sap.com/#/notes/2963592
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')