CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6190
https://notcve.org/view.php?id=CVE-2020-6190
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure. Determinados endpoints vulnerables en SAP NetWeaver AS Java (Heap Dump Application), versiones 7.30, 7.31, 7.40, 7.50, proporcionan información valiosa sobre el sistema tal y como el nombre de host, el nodo del servidor y la ruta de instalación que podría ser usada inapropiadamente por parte de un atacante, conllevando a una Divulgación de Información. • https://launchpad.support.sap.com/#/notes/2838835 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6187
https://notcve.org/view.php?id=CVE-2020-6187
SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. SAP NetWeaver (Guided Procedures), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba suficientemente la entrada de un documento XML de un administrador comprometido, conllevando a una Denegación de Servicio. • https://launchpad.support.sap.com/#/notes/2864415 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6193
https://notcve.org/view.php?id=CVE-2020-6193
SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver (Knowledge Management ICE Service), versiones 7.30, 7.31, 7.40, 7.50, permite a un atacante no autenticado ejecutar scripts maliciosos, conllevando a una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejada. • https://launchpad.support.sap.com/#/notes/2873012 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0391
https://notcve.org/view.php?id=CVE-2019-0391
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. Bajo determinadas condiciones, SAP NetWeaver AS Java (corregido en versiones 7.10, 7.20, 7.30, 7.31, 7.40, 7.50), permite a un atacante acceder a información que de otro modo estaría restringida. • https://launchpad.support.sap.com/#/notes/2835226 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0356
https://notcve.org/view.php?id=CVE-2019-0356
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP NetWeaver Process Integration Runtime Workbench - MESSAGING y SAP_XIAF (anterior a las versiones 7.31, 7.40, 7.50) permiten que un atacante acceda a información que de otro modo estaría restringida. • https://launchpad.support.sap.com/#/notes/2802521 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 •