
CVSS: 7.2 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Mar 2020 — SAP NetWeaver Application Server Java (User Management Engine), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. • https://launchpad.support.sap.com/#/notes/2847787 • CWE-20: Improper Input Validation

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Mar 2020 — nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. • https://labs.integrity.pt/advisories/cve-2015-7968 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 5.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

12 Feb 2020 — Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system, such as hostname, server node and installation path, that could be misused by an attacker, leading to Information Disclosure. • https://launchpad.support.sap.com/#/notes/2838835 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

13 Nov 2019 — Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. • https://launchpad.support.sap.com/#/notes/2835226

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

13 Nov 2019 — An administrator of SAP NetWeaver Application Server Java (J2EE-Framework) (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) may change privileges for all or some functions in Java Server, and enable users to execute functions they are not allowed to execute otherwise. • https://launchpad.support.sap.com/#/notes/2814357

CVSS: 7.2 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Sep 2019 — SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. • https://launchpad.support.sap.com/#/notes/2798336 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Aug 2019 — A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and tricking the application server into leaking authentication credentials for its own SAP Management console, resulting in Server-Side Request Forgery. • https://launchpad.support.sap.com/#/notes/2813811 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.2 • EPSS: 0% • CPEs: 6 • EXPL: 0

10 Jul 2019 — SAP NetWeaver for Java Application Server - Web Container (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation. • http://www.securityfocus.com/bid/109071 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Jul 2019 — ABAP Server and ABAP Platform (SAP Basis), versions 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. • http://www.securityfocus.com/bid/109078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

10 Jul 2019 — Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted. • http://www.securityfocus.com/bid/109069