CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. • http://www.securityfocus.com/bid/106471 https://launchpad.support.sap.com/#/notes/2723142 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •
CVE-2018-2478
https://notcve.org/view.php?id=CVE-2018-2478
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user. • http://www.securityfocus.com/bid/105904 https://launchpad.support.sap.com/#/notes/2675696 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 •
CVE-2016-4551
https://notcve.org/view.php?id=CVE-2016-4551
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. • http://seclists.org/fulldisclosure/2016/Oct/3 http://www.securityfocus.com/bid/93288 https://www.onapsis.com/research/security-advisories/sap-security-audit-log-invalid-address-logging • CWE-284: Improper Access Control •
CVE-2013-3063
https://notcve.org/view.php?id=CVE-2013-3063
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0179.html http://scn.sap.com/docs/DOC-8218 http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/39-remote-code-execution-in-sap-connect-communication-services https://service.sap.com/sap/support/notes/1674132 •
CVE-2007-3496
https://notcve.org/view.php?id=CVE-2007-3496
Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. • http://osvdb.org/37748 http://secunia.com/advisories/25866 http://securityreason.com/securityalert/2850 http://www.csnc.ch/advisory/sap01.html http://www.securityfocus.com/archive/1/472341/100/0/threaded http://www.vupen.com/english/advisories/2007/2381 •