CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21492
https://notcve.org/view.php?id=CVE-2021-21492
SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled. SAP NetWeaver Application Server Java (HTTP Service), versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba suficientemente el grupo de inicio de sesión en las URL, resultando en una vulnerabilidad de suplantación de contenido cuando la lista de directorios está habilitada • https://launchpad.support.sap.com/#/notes/3025637 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27598
https://notcve.org/view.php?id=CVE-2021-27598
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet. SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versiones - 7.31, 7.40, 7.50, permite a un atacante leer algunos datos estadísticos como la versión del producto, el tráfico, la marca de tiempo, etc. debido a una falta de comprobación de autorización en el servlet • https://launchpad.support.sap.com/#/notes/3027937 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-21491
https://notcve.org/view.php?id=CVE-2021-21491
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. SAP Netweaver Application Server Java (Aplicaciones basadas en WebDynpro Java) versiones 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permiten a un atacante redireccionar a usuarios a un sitio malicioso debido a vulnerabilidades de Reverse Tabnabbing • https://launchpad.support.sap.com/#/notes/2976947 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-21488
https://notcve.org/view.php?id=CVE-2021-21488
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability. Knowledge Management versiones 7.01, 7.02, 7.30, 7.31, 7.40, 7.50, permiten a un atacante remoto con privilegios básicos deserializar unos datos controlados por el usuario sin comprobación, conllevando a una deserialización no segura que desencadena el código del atacante y, por lo tanto, afecta la Disponibilidad • https://launchpad.support.sap.com/#/notes/2983436 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21481
https://notcve.org/view.php?id=CVE-2021-21481
The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability. MigrationService, que forma parte de SAP NetWeaver versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no lleva a cabo una comprobación de autorización. Esto podría permitir a un atacante no autorizado acceder a los objetos de configuración, incluyendo los que otorgan privilegios administrativos. • https://launchpad.support.sap.com/#/notes/3022422 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 • CWE-863: Incorrect Authorization •