CVE-2017-16679
https://notcve.org/view.php?id=CVE-2017-16679
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. Vulnerabilidad de redirección de URL en SAP Startup Service; SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.52, que permite que un atacante redirija usuarios a un sitio malicioso. • http://www.securityfocus.com/bid/102157 https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017 https://launchpad.support.sap.com/#/notes/2520995 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2017-16689
https://notcve.org/view.php?id=CVE-2017-16689
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. Una conexión RFC fiable en SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL desde la versión 7.21 hasta la 7.22, 7.45, 7.49, puede establecerse para un cliente o usuario diferentes en el mismo sistema aunque no se haya definido una relación Trusted/Trusting explícita con el mismo sistema. • http://www.securityfocus.com/bid/102144 https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017 https://launchpad.support.sap.com/#/notes/2449757 • CWE-287: Improper Authentication •