CVE-2019-0351
https://notcve.org/view.php?id=CVE-2019-0351
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. Se presenta una vulnerabilidad de ejecución de código remota en SAP NetWeaver UDDI Server (Services Registry), versiones 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Debido a esto, un atacante puede explotar el Services Registry potencialmente permitiéndoles tomar el control completo del producto, incluyendo visualizar, cambiar o eliminar datos mediante la inyección de código en la memoria de trabajo que posteriormente es ejecutada por la aplicación. • https://launchpad.support.sap.com/#/notes/2800779 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 •
CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 https://launchpad.support.sap.com/#/notes/2723142 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •
CVE-2018-2477
https://notcve.org/view.php?id=CVE-2018-2477
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. Knowledge Management (XMLForms) en SAP NetWeaver, 7.30, 7.31, 7.40 y 7.50 no valida lo suficiente un documento XML aceptado de una fuente no fiable. • http://www.securityfocus.com/bid/105901 https://launchpad.support.sap.com/#/notes/2661740 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 • CWE-91: XML Injection (aka Blind XPath Injection) •
CVE-2018-2470
https://notcve.org/view.php?id=CVE-2018-2470
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. En SAP NetWeaver Application Server for ABAP desde la versión 7.0 hasta la 7.02, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.53, las aplicaciones no cifran lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105551 https://launchpad.support.sap.com/#/notes/2684760 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2462
https://notcve.org/view.php?id=CVE-2018-2462
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. En ciertos casos, BEx Web Java Runtime Export Web Service en SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41 y 7.50 no valida lo suficiente un documento XML aceptado de una fuente no fiable. • http://www.securityfocus.com/bid/105326 https://launchpad.support.sap.com/#/notes/2644279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-20: Improper Input Validation •