CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1309
https://notcve.org/view.php?id=CVE-2015-1309
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. Vulnerabilidad de entidad externa XML en Extended Computer Aided Test Tool (eCATT) en SAP NetWeaver AS ABAP 7.31 y anteriores permite a atacantes remotos acceder a ficheros arbitrarios a través de una solicitud XML manipulada, relacionado con ECATT_DISPLAY_XMLSTRING_REMOTE, también conocido como SAP Nota 2016638. • http://secunia.com/advisories/62469 https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015 •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8312
https://notcve.org/view.php?id=CVE-2014-8312
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. Business Warehouse (BW) en SAP Netweaver AS ABAP 7.31 permite a usuarios remotos autenticados obtener información sensible a través de peticiones a la función RFC RSDU_CCMS_GET_PROFILE_PARAM. • http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html http://scn.sap.com/docs/DOC-8218 http://seclists.org/fulldisclosure/2014/Oct/38 http://secunia.com/advisories/61101 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033 http://www.securityfocus.com/archive/1/533645/100/0/threaded http://www.securityfocus.com/bid/70292 https://exchange.xforce.ibmcloud.com/vulnerabilities/96877 https://service.sap.com/sap/support/notes/196778 •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3130
https://notcve.org/view.php?id=CVE-2014-3130
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. Las herramientas de documentación y traducción ABAP Help (BC-DOC-HLP) en Basis en SAP Netweaver ABAP Application Server no restringe debidamente acceso, lo que permite a usuarios locales ganar privilegios y ejecutar instrucciones ABAP a través de mensajes de ayuda manipulados. • http://scn.sap.com/docs/DOC-8218 http://seclists.org/fulldisclosure/2014/Apr/302 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009 http://www.securityfocus.com/bid/67108 https://service.sap.com/sap/support/notes/1910914 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 10%CPEs: 3EXPL: 0CVE-2012-4341
https://notcve.org/view.php?id=CVE-2012-4341
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. Múltiples vulnerabilidades de desbordamiento de búfer basado en pila, en msg_server.exe en SAP NetWeaver ABAP v7.x permite a atacantes remotos causar una denegación de servicio (crash) y ejecutar código arbitrario a través de (1) un valor grande en un parámetro, (2) un campo de cadena manipulado, o (3) una cadena larga como nombre de parámetro en un paquete con (opcode) 0x43 y (sub opcode 0x4) a un puerto TCP 3900. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/49744 http://www.securitytracker.com/id?1027211 http://www.zerodayinitiative.com/advisories/ZDI-12-104 http://www.zerodayinitiative.com/advisories/ZDI-12-111 http://www.zerodayinitiative.com/advisories/ZDI-12-112 https://service.sap.com/sap/support/notes/1649838 https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •