CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 https://launchpad.support.sap.com/#/notes/2723142 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2478
https://notcve.org/view.php?id=CVE-2018-2478
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user. Un atacante puede emplear entradas especialmente manipuladas para ejecutar comandos en el host de una instalación TREX/BWA, SAP Basis, en versiones 7.0 a 7.02, 7.10 a 7.11, 7.30, 7.31, 7.40 y 7.50 a 7.53. No todos los comandos son posibles, solo aquellos que puedan ser ejecutados por el usuario adm. • http://www.securityfocus.com/bid/105904 https://launchpad.support.sap.com/#/notes/2675696 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4551
https://notcve.org/view.php?id=CVE-2016-4551
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. Los componentes (1) SAP_BASIS y (2) SAP_ABA 7.00 SP Level 0031 en SAP NetWeaver 2004s podría permitir a atacantes remotos suplantar direcciones IP escritas en el Security Audit Log a través de vectores relacionados con el entorno de red, vulnerabilidad también conocida como SAP Security Note 2190621. • http://seclists.org/fulldisclosure/2016/Oct/3 http://www.securityfocus.com/bid/93288 https://www.onapsis.com/research/security-advisories/sap-security-audit-log-invalid-address-logging • CWE-284: Improper Access Control •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3063
https://notcve.org/view.php?id=CVE-2013-3063
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. SAP BASIS Communication Services v4.6B través de v7.30 permite a los usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0179.html http://scn.sap.com/docs/DOC-8218 http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/39-remote-code-execution-in-sap-connect-communication-services https://service.sap.com/sap/support/notes/1674132 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3495
https://notcve.org/view.php?id=CVE-2007-3495
Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SAP Internet Communication Framework (BC-MID-ICF) en el componente de SAP Basis 700 anterior a SP12, y 640 anterior a SP20, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante ciertos parámetros asociados con la página de error por defecto del inicio de sesión. • http://osvdb.org/37749 http://secunia.com/advisories/25866 http://securityreason.com/securityalert/2849 http://www.csnc.ch/advisory/sap02.html http://www.securityfocus.com/archive/1/472345/100/0/threaded http://www.vupen.com/english/advisories/2007/2381 https://exchange.xforce.ibmcloud.com/vulnerabilities/35107 •