Page 26 of 144 results (0.002 seconds)

CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-2503

https://notcve.org/view.php?id=CVE-2018-2503

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). Por defecto, el almacén de claves Java de SAP NetWeaver AS no restringe lo suficiente el acceso a recursos que deberían estar protegidos. Esto ha sido solucionado en SAP NetWeaver AS Java (ServerCore en versiones 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50). • http://www.securityfocus.com/bid/106156 https://launchpad.support.sap.com/#/notes/2658279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-862: Missing Authorization •

CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-2492

https://notcve.org/view.php?id=CVE-2018-2492

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. La funcionalidad de SAML 2.0 en SAP NetWeaver AS Java no valida lo suficiente los documentos XML recibidos de una fuente no fiable. La vulnerabilidad se ha solucionado en las versiones 7.2, 7.30, 7.31, 7.40 y 7.50. • http://www.securityfocus.com/bid/106153 https://launchpad.support.sap.com/#/notes/2642680 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2018-2477

https://notcve.org/view.php?id=CVE-2018-2477

Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. Knowledge Management (XMLForms) en SAP NetWeaver, 7.30, 7.31, 7.40 y 7.50 no valida lo suficiente un documento XML aceptado de una fuente no fiable. • http://www.securityfocus.com/bid/105901 https://launchpad.support.sap.com/#/notes/2661740 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 • CWE-91: XML Injection (aka Blind XPath Injection) •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-2470

https://notcve.org/view.php?id=CVE-2018-2470

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. En SAP NetWeaver Application Server for ABAP desde la versión 7.0 hasta la 7.02, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.53, las aplicaciones no cifran lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105551 https://launchpad.support.sap.com/#/notes/2684760 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2018-2452

https://notcve.org/view.php?id=CVE-2018-2452

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. La aplicación de inicio de sesión de SAP NetWeaver AS Java desde la versión 7.10 hasta la 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105325 https://launchpad.support.sap.com/#/notes/2623846 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •