CVE-2021-21492
https://notcve.org/view.php?id=CVE-2021-21492
SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when directory listing is enabled. SAP NetWeaver Application Server Java (HTTP Service), versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba suficientemente el grupo de inicio de sesión en las URL, resultando en una vulnerabilidad de suplantación de contenido cuando la lista de directorios está habilitada • https://launchpad.support.sap.com/#/notes/3025637 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 • CWE-290: Authentication Bypass by Spoofing •
CVE-2021-21491
https://notcve.org/view.php?id=CVE-2021-21491
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. SAP Netweaver Application Server Java (Aplicaciones basadas en WebDynpro Java) versiones 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permiten a un atacante redireccionar a usuarios a un sitio malicioso debido a vulnerabilidades de Reverse Tabnabbing • https://launchpad.support.sap.com/#/notes/2976947 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-26829 – SAP Netweaver JAVA 7.50 Missing Authorization
https://notcve.org/view.php?id=CVE-2020-26829
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely. SAP NetWeaver AS JAVA (P2P Cluster Communication), versiones - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permite conexiones arbitrarias de procesos debido a una falta de comprobación de autenticación, que están fuera del clúster e incluso fuera del segmento de red dedicado para la comunicación interna del clúster. Como resultado, un atacante no autenticado puede invocar determinadas funciones que de otro modo estarían restringidas sólo a los administradores del sistema, incluyendo el acceso a las funciones de administración del sistema o apagando el sistema por completo A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication in order to connect to the respective TCP ports and perform different privileged actions. SAP Netweaver JAVA versions 7.10 through 7.50 are affected. • http://packetstormsecurity.com/files/163166/SAP-Netweaver-JAVA-7.50-Missing-Authorization.html http://seclists.org/fulldisclosure/2021/Jun/33 https://launchpad.support.sap.com/#/notes/2974774 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 • CWE-306: Missing Authentication for Critical Function •
CVE-2020-26816
https://notcve.org/view.php?id=CVE-2020-26816
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems. SAP AS JAVA (Key Storage Service), versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, posee el material de claves que es almacenado en el servicio SAP NetWeaver AS Java Key Storage almacenado en la base de datos en el formato codificado DER. y no está cifrado. Esto permite a un atacante que tiene acceso de administrador a SAP NetWeaver AS Java decodificar las claves debido a la falta de cifrado y obtener algunos datos de la aplicación y las credenciales de cliente de los sistemas adyacentes. • https://launchpad.support.sap.com/#/notes/2971163 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-26820
https://notcve.org/view.php?id=CVE-2020-26820
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it. SAP NetWeaver AS JAVA, versiones - 7.20, 7.30, 7.31, 7.40, 7.50, permite a un atacante que es autenticado como administrador usar la consola de administrador, exponer el acceso no autenticado al sistema de archivos y cargar un archivo malicioso. El atacante u otro usuario pueden usar un mecanismo separado para ejecutar los comandos del Sistema Operativo por medio del archivo cargado conllevando a una Escalada de Privilegios y comprometer completamente la confidencialidad, integridad y disponibilidad del sistema operativo del servidor y cualquier aplicación que se ejecute en él • http://packetstormsecurity.com/files/162086/SAP-Java-OS-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2021/Apr/7 https://launchpad.support.sap.com/#/notes/2979062 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 • CWE-434: Unrestricted Upload of File with Dangerous Type •