CVSS: 7.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

11 May 2021 — Under certain conditions, SAP Business One Hana Chef Cookbook, versions 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in an Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application. • https://launchpad.support.sap.com/#/notes/3049661

CVSS: 7.3 • EPSS: 0% • CPEs: 9 • EXPL: 0

11 May 2021 — SAP Business One Hana Chef Cookbook, versions 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application, highly impacting the integrity and availability of the application. • https://launchpad.support.sap.com/#/notes/3049661 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Mar 2021 — LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind. • https://launchpad.support.sap.com/#/notes/3017378 • CWE-863: Incorrect Authorization

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Feb 2021 — SAP HANA Database, versions 1.0, 2.0, accepts SAML tokens with an MD5 digest. An attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidating the digital signature. This allows them to impersonate a user in the HANA database and read the contents of the database. • https://launchpad.support.sap.com/#/notes/2992154 • CWE-326: Inadequate Encryption Strength

CVSS: 7.6 • EPSS: 0% • CPEs: 13 • EXPL: 3

09 Dec 2020 — SAP AS ABAP (SAP Landscape Transformation), versions 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions 101, 102, 103, 104, 105, allows a high-privileged user to execute an RFC function module to which access should be restricted; however, due to missing authorization, an attacker can get access to some sensitive internal information of the vulnerable SAP system or to make vulnerable SAP systems completely unavailabl... • https://packetstorm.news/files/id/167229 • CWE-862: Missing Authorization

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Dec 2020 — SAP HANA Database, version 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued. • https://launchpad.support.sap.com/#/notes/2978768 • CWE-287: Improper Authentication

CVSS: 9.1 • EPSS: 2% • CPEs: 13 • EXPL: 3

10 Nov 2020 — SAP AS ABAP (DMIS), versions 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (DMIS), versions 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into a function module, leading to code injection that can be executed in the application, which affects the confidentiality, availability and integrity of the application. • https://packetstorm.news/files/id/167229

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Aug 2020 — SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with the attachment service, allowing the attacker to delete attachments due to Missing Authorization Check. • https://launchpad.support.sap.com/#/notes/2885671 • CWE-862: Missing Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

12 Feb 2020 — VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check. • https://launchpad.support.sap.com/#/notes/2857511 • CWE-862: Missing Authorization

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Nov 2019 — SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection request, which crashes the indexserver of an SAP HANA instance, leading to Denial of Service. • https://launchpad.support.sap.com/#/notes/2798243