CVSS: 9.9EPSS: 92%CPEs: 4EXPL: 1CVE-2021-38163 – SAP NetWeaver Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2021-38163
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable. SAP NetWeaver (Visual Composer 7.0 RT) versiones - 7.30, 7.31, 7.40, 7.50, sin restricción, un atacante autenticado como usuario no administrativo puede cargar un archivo malicioso a través de la red y desencadenar su procesamiento, que es capaz de ejecutar comandos del sistema operativo con el privilegio del proceso del servidor Java. Estos comandos pueden ser usados para leer o modificar cualquier información en el servidor o apagar el servidor haciendo que no esté disponible SAP NetWeaver contains a vulnerability that allows unrestricted file upload. • https://github.com/core1impact/CVE-2021-38163 https://launchpad.support.sap.com/#/notes/3084487 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37535
https://notcve.org/view.php?id=CVE-2021-37535
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges. SAP NetWeaver Application Server Java (JMS Connector Service) - versiones 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no realiza las comprobaciones de autorización necesarias para los privilegios de los usuarios • https://launchpad.support.sap.com/#/notes/3078609 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 • CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21489
https://notcve.org/view.php?id=CVE-2021-21489
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content. SAP NetWeaver Enterprise Portal versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifican suficientemente los datos relacionados con el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado. Esto permitiría a un atacante con privilegios administrativos almacenar un script malicioso en el portal. • https://launchpad.support.sap.com/#/notes/3082219 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37531
https://notcve.org/view.php?id=CVE-2021-37531
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system. SAP NetWeaver Knowledge Management XML Forms versiones - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contienen una vulnerabilidad de tipo XSLT que permite a un atacante autenticado no administrativo diseñar un archivo de hoja de estilo XSL malicioso que contenga un script con comandos a nivel de sistema operativo, copiarlo en una ubicación a la que pueda acceder el sistema y, a continuación, crear un archivo que desencadene el motor XSLT para ejecutar el script contenido en el archivo XSL malicioso. Esto puede resultar en un compromiso total de la confidencialidad, integridad y disponibilidad del sistema • http://packetstormsecurity.com/files/165751/SAP-Enterprise-Portal-XSLT-Injection.html http://seclists.org/fulldisclosure/2022/Jan/75 https://launchpad.support.sap.com/#/notes/3081888 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-33702
https://notcve.org/view.php?id=CVE-2021-33702
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. En determinadas condiciones, NetWeaver Enterprise Portal, versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente los datos de los informes. Un atacante puede diseñar datos maliciosos e imprimirlos en el informe. • http://packetstormsecurity.com/files/165737/SAP-Enterprise-Portal-NavigationReporter-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2022/Jan/70 https://launchpad.support.sap.com/#/notes/3073681 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •