Page 15 of 115 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver (Knowledge Management ICE Service), versiones 7.30, 7.31, 7.40, 7.50, permite a un atacante no autenticado ejecutar scripts maliciosos, conllevando a una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejada. • https://launchpad.support.sap.com/#/notes/2873012 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. Bajo determinadas condiciones, SAP NetWeaver AS Java (corregido en versiones 7.10, 7.20, 7.30, 7.31, 7.40, 7.50), permite a un atacante acceder a información que de otro modo estaría restringida. • https://launchpad.support.sap.com/#/notes/2835226 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. Un administrador de SAP NetWeaver Application Server Java (J2EE-Framework), (corregido en las versiones 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), puede cambiar los privilegios para todas o algunas funciones en Java Server, y permitir a usuarios ejecutar funciones, que no son permitidas ejecutar de otro modo. • https://launchpad.support.sap.com/#/notes/2814357 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP NetWeaver Process Integration Runtime Workbench - MESSAGING y SAP_XIAF (anterior a las versiones 7.31, 7.40, 7.50) permiten que un atacante acceda a información que de otro modo estaría restringida. • https://launchpad.support.sap.com/#/notes/2802521 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 •

CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0

SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. SAP NetWeaver Application Server Java Web Container, ENGINEAPI (versiones anteriores a 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) y SAP-JEECOR (versiones anteriores a 6.40, 7.0, 7.01), permiten a un atacante inyectar código que puede ser ejecutado por la aplicación. Un atacante podría de este modo controlar el comportamiento de la aplicación. • https://launchpad.support.sap.com/#/notes/2798336 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 • CWE-94: Improper Control of Generation of Code ('Code Injection') •