CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-25615 – SQL Injection vulnerability in SAP ABAP Platform
https://notcve.org/view.php?id=CVE-2023-25615
14 Mar 2023 — Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application. • https://launchpad.support.sap.com/#/notes/3289844 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-44231
https://notcve.org/view.php?id=CVE-2021-44231
14 Dec 2021 — Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. Los informes de extracción de texto usados internamente permiten a un atacante inyectar código que puede ser ejecutado por la aplicación. Un atacante podría así controlar el comportamiento de la aplicación • https://launchpad.support.sap.com/#/notes/3119365 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 10%CPEs: 13EXPL: 3CVE-2020-6318 – SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
https://notcve.org/view.php?id=CVE-2020-6318
09 Sep 2020 — A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.... • https://packetstorm.news/files/id/167229 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2020-6310
https://notcve.org/view.php?id=CVE-2020-6310
12 Aug 2020 — Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. Un control de acceso inapropiado en el componente SOA Configuration Trace en SAP NetWeaver (ABAP Server) y la plataforma ABAP, versiones - 702, 730, 731, 740, 750, permite a cualquier usuario autenticado enumerar todos los usuarios de SAP, conllevando a una Divulgación de... • https://launchpad.support.sap.com/#/notes/2944988 •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2020-6299
https://notcve.org/view.php?id=CVE-2020-6299
12 Aug 2020 — SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure. SAP NetWeaver (ABAP Server) y la plataforma ABAP, versiones - 740, 750, 751, 752, 753, 754, 755, permiten a un usuario empresarial acceder a la lista de usuarios en el sistema dado usando la ayuda de valor, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2941510 •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-6296
https://notcve.org/view.php?id=CVE-2020-6296
12 Aug 2020 — SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. SAP NetWeaver (ABAP Server) y plataforma ABAP, versiones: 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, permiten a un atacante inyectar código que puede ser ejecutado por la aplicación conllevando a una Inyecció... • https://launchpad.support.sap.com/#/notes/2941667 •