CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 https://launchpad.support.sap.com/#/notes/2723142 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •
CVE-2018-2504
https://notcve.org/view.php?id=CVE-2018-2504
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. El servicio Java Web Container, de SAP NetWeaver AS, no valida contra una lista blanca la cabecera HTTP del host, lo que puede resultar en una vulnerabilidad de manipulación de la cabecera HTTP del host o de Cross-Site Scripting (XSS). La vulnerabilidad se ha solucionado en las versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50. • http://www.securityfocus.com/bid/106150 https://launchpad.support.sap.com/#/notes/2718993 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2503
https://notcve.org/view.php?id=CVE-2018-2503
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). Por defecto, el almacén de claves Java de SAP NetWeaver AS no restringe lo suficiente el acceso a recursos que deberían estar protegidos. Esto ha sido solucionado en SAP NetWeaver AS Java (ServerCore en versiones 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50). • http://www.securityfocus.com/bid/106156 https://launchpad.support.sap.com/#/notes/2658279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-862: Missing Authorization •
CVE-2018-2492
https://notcve.org/view.php?id=CVE-2018-2492
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. La funcionalidad de SAML 2.0 en SAP NetWeaver AS Java no valida lo suficiente los documentos XML recibidos de una fuente no fiable. La vulnerabilidad se ha solucionado en las versiones 7.2, 7.30, 7.31, 7.40 y 7.50. • http://www.securityfocus.com/bid/106153 https://launchpad.support.sap.com/#/notes/2642680 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-2476
https://notcve.org/view.php?id=CVE-2018-2476
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. Debido a la validación de URL insuficiente en los foros en SAP NetWeaver 7.30, 7.31 y 7.40, un atacante puede redirigir a los usuarios a un sitio malicioso. • http://www.securityfocus.com/bid/105898 https://launchpad.support.sap.com/#/notes/2658755 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •