CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6181
https://notcve.org/view.php?id=CVE-2020-6181
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. En algunas circunstancias, la implementación de SSO SAML en SAP NetWeaver (SAP_BASIS versiones 702, 730, 731, 740 y SAP ABAP Platform (SAP_BASIS versiones 750, 751, 752, 753, 754), permite a un atacante incluir datos invalidados en encabezado de respuesta HTTP enviado a un usuario Web, conllevando a una vulnerabilidad de División de Respuesta HTTP. • https://launchpad.support.sap.com/#/notes/2880744 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0351
https://notcve.org/view.php?id=CVE-2019-0351
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. Se presenta una vulnerabilidad de ejecución de código remota en SAP NetWeaver UDDI Server (Services Registry), versiones 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Debido a esto, un atacante puede explotar el Services Registry potencialmente permitiéndoles tomar el control completo del producto, incluyendo visualizar, cambiar o eliminar datos mediante la inyección de código en la memoria de trabajo que posteriormente es ejecutada por la aplicación. • https://launchpad.support.sap.com/#/notes/2800779 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 https://launchpad.support.sap.com/#/notes/2723142 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2470
https://notcve.org/view.php?id=CVE-2018-2470
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. En SAP NetWeaver Application Server for ABAP desde la versión 7.0 hasta la 7.02, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.53, las aplicaciones no cifran lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105551 https://launchpad.support.sap.com/#/notes/2684760 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2464
https://notcve.org/view.php?id=CVE-2018-2464
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. SAP WebDynpro Java 7.20, 7.30, 7.31, 7.40 y 7.50 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/105308 https://launchpad.support.sap.com/#/notes/2679378 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •