CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2021-21490
https://notcve.org/view.php?id=CVE-2021-21490
09 Jun 2021 — SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user. SAP NetWeaver AS para ABAP (Web Survey), versiones: 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F,... • https://launchpad.support.sap.com/#/notes/3004043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-27611
https://notcve.org/view.php?id=CVE-2021-27611
11 May 2021 — SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service. SAP NetWeaver AS ABAP, versiones - 700, 701, 702, 730, 731, permiten a un atacante muy privilegiado inyectar código malicioso al ejecutar un reporte ABAP cuando el atacante tiene acceso al sistema SAP local. El atacante p... • https://launchpad.support.sap.com/#/notes/3046610 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 3CVE-2020-26832 – SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
https://notcve.org/view.php?id=CVE-2020-26832
09 Dec 2020 — SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailabl... • https://packetstorm.news/files/id/167229 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6371
https://notcve.org/view.php?id=CVE-2020-6371
15 Oct 2020 — User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure. Una vulnerabilidad de enumeración de usuarios puede ser explotada para obtener una lista de cuentas de usuario y la información personal del usuario puede ser expuesta en SAP NetWeaver Application Server ABAP (aplicación de prueba POWL): versiones... • https://launchpad.support.sap.com/#/notes/2963137 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-6324
https://notcve.org/view.php?id=CVE-2020-6324
09 Sep 2020 — SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting. SAP Netweaver AS ABAP(BSP Test Application sbspext_table), versión-700,701,720,730,731,740,750,751,752,753,754,755, permite a un atacante no autenticado enviar una UR... • https://launchpad.support.sap.com/#/notes/2948239 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-6275
https://notcve.org/view.php?id=CVE-2020-6275
10 Jun 2020 — SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. SAP Netweaver AS ABAP, version... • https://launchpad.support.sap.com/#/notes/2912939 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6246
https://notcve.org/view.php?id=CVE-2020-6246
10 Jun 2020 — SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cro... • https://launchpad.support.sap.com/#/notes/2878935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2020-6240
https://notcve.org/view.php?id=CVE-2020-6240
12 May 2020 — SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service SAP NetWeaver AS ABAP (Web Dynpro ABAP), versiones (SAP_UI 750, 752, 753, 754 y SAP_BASIS 700, 710, 730, 731, 804), permite a un atacante no autenticado impedir a usuarios legítimos el acceso a un servicio, ya sea mediante el bloqueo o... • https://launchpad.support.sap.com/#/notes/2856923 •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6213
https://notcve.org/view.php?id=CVE-2020-6213
24 Apr 2020 — SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs. SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) reflejado, por medio de di... • https://launchpad.support.sap.com/#/notes/2872752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6217
https://notcve.org/view.php?id=CVE-2020-6217
14 Apr 2020 — SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting ... • https://launchpad.support.sap.com/#/notes/2872545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •