CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28163 – Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages)
https://notcve.org/view.php?id=CVE-2024-28163
12 Mar 2024 — Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. Bajo ciertas condiciones, las páginas web de soporte de SAP NetWeaver Process Integration (PI), versiones 7.50, permiten a un atacante acceder a información que de otro modo estaría restringida, lo que causa un bajo impacto en l... • https://me.sap.com/notes/3434192 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22127 – Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)
https://notcve.org/view.php?id=CVE-2024-22127
12 Mar 2024 — SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application. SAP NetWeaver Administrator AS Java (complemento Administrator Log Viewer): versión 7.50, permite a un atacante con altos privilegios cargar archivos potenci... • https://me.sap.com/notes/3433192 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24743 – XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)
https://notcve.org/view.php?id=CVE-2024-24743
13 Feb 2024 — SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected. SAP NetWeaver AS Java (CAF - Procedimientos guiados): versión 7.50, permite a un atacante no autenticado enviar una solicitud maliciosa con un archivo XML manipulado a través de... • https://me.sap.com/notes/3426111 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22126 – Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)
https://notcve.org/view.php?id=CVE-2024-22126
13 Feb 2024 — The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability. La aplicación User Admin de SAP NetWeaver AS para Java, versión 7.50, no valida lo suficiente y codifica incorrectamente los parámetros de la URL entrante antes de inclui... • https://me.sap.com/notes/3417627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •