CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2470
https://notcve.org/view.php?id=CVE-2018-2470
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. En SAP NetWeaver Application Server for ABAP desde la versión 7.0 hasta la 7.02, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.53, las aplicaciones no cifran lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105551 https://launchpad.support.sap.com/#/notes/2684760 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2464
https://notcve.org/view.php?id=CVE-2018-2464
SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. SAP WebDynpro Java 7.20, 7.30, 7.31, 7.40 y 7.50 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/105308 https://launchpad.support.sap.com/#/notes/2679378 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2462
https://notcve.org/view.php?id=CVE-2018-2462
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source. En ciertos casos, BEx Web Java Runtime Export Web Service en SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41 y 7.50 no valida lo suficiente un documento XML aceptado de una fuente no fiable. • http://www.securityfocus.com/bid/105326 https://launchpad.support.sap.com/#/notes/2644279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 91%CPEs: 4EXPL: 3CVE-2013-1592 – SAP NetWeaver Message Server - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1592
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de Desbordamiento de Búfer en la función _MsJ2EE_AddStatistics() del servicio Message Server cuando se envían paquetes de SAP Message Server especialmente diseñados hacia los puertos TCP remotos 36NN y/o 39NN en SAP NetWeaver 2004s, versiones 7.01 SR1, 7.02 SP06 y 7.30 SP04, lo que podría permitir a un usuario malicioso remoto ejecutar código arbitrario. • https://www.exploit-db.com/exploits/24511 http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities http://www.exploit-db.com/exploits/24511 http://www.securityfocus.com/bid/57956 http://www.securitytracker.com/id/1028148 https://exchange.xforce.ibmcloud.com/vulnerabilities/82064 https://packetstormsecurity.com/files/cve/CVE-2013-1592 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 74%CPEs: 4EXPL: 1CVE-2013-1593
https://notcve.org/view.php?id=CVE-2013-1593
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. Se presenta una vulnerabilidad de Denegación de Servicio en la función WRITE_C en el módulo msg_server.exe en SAP NetWeaver 2004s, versiones 7.01 SR1, 7.02 SP06 y 7.30 SP04, cuando se envía un paquete de SAP Message Server diseñado hacia los puertos TCP 36NN y/o 39NN. • http://www.securityfocus.com/bid/57956 http://www.securitytracker.com/id/1028148 https://exchange.xforce.ibmcloud.com/vulnerabilities/82065 https://packetstormsecurity.com/files/cve/CVE-2013-1593 https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities • CWE-129: Improper Validation of Array Index •