CVE-2022-29614 – SAP SAPControl Web Service Interface Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-29614
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. SAP startservice - de SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform y HANA Database - versiones KERNEL versiones 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49 49, 7.53, SAPHOSTAGENT 7.22, - en los sistemas Unix, el programa de ayuda s-bit sapuxuserchk, puede ser abusado físicamente resultando en una escalada de privilegios de un atacante que conlleva a un bajo impacto en la confidencialidad e integridad, pero un profundo impacto en la disponibilidad SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition. • http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2022/Sep/18 https://launchpad.support.sap.com/#/notes/3158619 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-269: Improper Privilege Management •
CVE-2022-29612
https://notcve.org/view.php?id=CVE-2022-29612
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. SAP NetWeaver, ABAP Platform y SAP Host Agent - versiones KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49 53, 8.04, SAPHOSTAGENT 7.22, permite a un usuario autenticado hacer un uso no debido de una función de sapcontrol webfunctionality(startservice) en el Kernel que permite a usuarios maliciosos recuperar información. Si es explotado con éxito, un atacante puede obtener información técnica como el número de sistema o la dirección física, que de otro modo está restringida, causando un impacto limitado en la confidencialidad de la aplicación • https://launchpad.support.sap.com/#/notes/3194674 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2022-27668 – SAP SAProuter Improper Access Control
https://notcve.org/view.php?id=CVE-2022-27668
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. Dependiendo de la configuración de la tabla de permisos de ruta en el archivo "saprouttab", es posible que un atacante no autenticado ejecute comandos de administración de SAProuter en SAP NetWeaver y ABAP Platform - versiones KERNEL 7. 49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, desde un cliente remoto, por ejemplo deteniendo el SAProuter, lo que podría tener un gran impacto en la disponibilidad de los sistemas SAP SAProuter suffers from an improper access control vulnerability where permitting loopback traffic can lead to unexpected behavior. • http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html http://seclists.org/fulldisclosure/2022/Sep/17 https://launchpad.support.sap.com/#/notes/3158375 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-863: Incorrect Authorization •
CVE-2022-29616
https://notcve.org/view.php?id=CVE-2022-29616
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. SAP Host Agent, SAP NetWeaver y ABAP Platform permiten a un atacante aprovechar errores lógicos en la administración de la memoria para causar una corrupción de memoria • https://launchpad.support.sap.com/#/notes/3145702 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-787: Out-of-bounds Write •
CVE-2022-27656
https://notcve.org/view.php?id=CVE-2022-27656
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. La interfaz de administración web de SAP Web Dispatcher y de Internet Communication Manager (ICM) no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://launchpad.support.sap.com/#/notes/3145046 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •