CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-27627 – SAP NetWeaver ABAP IGS Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27627
09 Jun 2021 — SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt() which will trigger an internal memory corruption error in the system causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. SAP Internet Graphics Service, ver... • https://launchpad.support.sap.com/#/notes/3021050 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-27633 – SAP NetWeaver ABAP Gateway Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27633
09 Jun 2021 — SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, ... • https://launchpad.support.sap.com/#/notes/3020209 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-27631 – SAP NetWeaver ABAP Enqueue Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27631
09 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In ... • https://launchpad.support.sap.com/#/notes/3020104 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-27606 – SAP NetWeaver ABAP Enqueue Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27606
09 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In th... • https://launchpad.support.sap.com/#/notes/3020104 • CWE-125: Out-of-bounds Read •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-27611
https://notcve.org/view.php?id=CVE-2021-27611
11 May 2021 — SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service. SAP NetWeaver AS ABAP, versiones - 700, 701, 702, 730, 731, permiten a un atacante muy privilegiado inyectar código malicioso al ejecutar un reporte ABAP cuando el atacante tiene acceso al sistema SAP local. El atacante p... • https://launchpad.support.sap.com/#/notes/3046610 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2021-27618
https://notcve.org/view.php?id=CVE-2021-27618
11 May 2021 — The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application. Integration Builder Framework de SAP Process Integration versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba la extensión del tipo de archivo d... • https://launchpad.support.sap.com/#/notes/3012021 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2021-27617
https://notcve.org/view.php?id=CVE-2021-27617
11 May 2021 — The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability. Integration Builder Framework de SAP Process Integration versiones - 7.10, 7.11, 7.20, 7.30, ... • https://launchpad.support.sap.com/#/notes/3012021 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-27599
https://notcve.org/view.php?id=CVE-2021-27599
14 Apr 2021 — SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted. SAP NetWeaver ABAP Server y ABAP Platform (Process Integration - Integration Builder Framework), versiones - 7.10, 7.30, 7.31, 7.40, 7.50, permiten que un atacante acceda a información bajo determinadas condiciones, que de otro modo estarían restringidas • https://launchpad.support.sap.com/#/notes/3012277 •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2021-27604
https://notcve.org/view.php?id=CVE-2021-27604
14 Apr 2021 — In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note. A fin de impedir una vulnerabilidad de XML External Entity en SAP NetWeaver ABAP Server y ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versiones - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recomienda consultar esta nota • https://launchpad.support.sap.com/#/notes/3036436 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-21485
https://notcve.org/view.php?id=CVE-2021-21485
13 Apr 2021 — An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user. Un atacante no autorizado puede ser capaz de atraer a un administrador para que invoque comandos telnet de SAP NetWeaver Application Server para Java que permitan al atacante obtener hashes NTLM de un usuario privilegiado • https://launchpad.support.sap.com/#/notes/3001824 •