CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22540
https://notcve.org/view.php?id=CVE-2022-22540
09 Feb 2022 — SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. SAP NetWeaver AS ABAP (Workplace Server) - versiones 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, permite a un atacante ejecutar consultas a la base de dat... • https://launchpad.support.sap.com/#/notes/3140587 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 95%CPEs: 26EXPL: 3CVE-2022-22536 – SAP Multiple Products HTTP Request Smuggling Vulnerability
https://notcve.org/view.php?id=CVE-2022-22536
09 Feb 2022 — SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. SAP N... • https://github.com/antx-code/CVE-2022-22536 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2021-42067
https://notcve.org/view.php?id=CVE-2021-42067
14 Jan 2022 — In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible. En SAP NetWeaver AS for ABAP y ABAP Platform - versiones 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, un atacante autenticado como usuario norma... • https://launchpad.support.sap.com/#/notes/3112710 •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-44231
https://notcve.org/view.php?id=CVE-2021-44231
14 Dec 2021 — Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. Los informes de extracción de texto usados internamente permiten a un atacante inyectar código que puede ser ejecutado por la aplicación. Un atacante podría así controlar el comportamiento de la aplicación • https://launchpad.support.sap.com/#/notes/3119365 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2021-40496
https://notcve.org/view.php?id=CVE-2021-40496
12 Oct 2021 — SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details. SAP Internet Communication framework (ICM) - versio... • https://launchpad.support.sap.com/#/notes/3087254 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.3EPSS: 0%CPEs: 26EXPL: 0CVE-2021-33684
https://notcve.org/view.php?id=CVE-2021-33684
14 Jul 2021 — SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itse... • https://launchpad.support.sap.com/#/notes/3032624 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-33677
https://notcve.org/view.php?id=CVE-2021-33677
14 Jul 2021 — SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. El servidor ABAP de SAP NetWeaver y la Plataforma ABAP, versiones - 700, 702, 730, 731, 804, 740, 750, 784, expone funciones al exterior que pueden conllevar a una divulgación de información • https://launchpad.support.sap.com/#/notes/3044754 •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-27610
https://notcve.org/view.php?id=CVE-2021-27610
16 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. SAP NetWeaver ABAP Server y ABAP Platform, versiones - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, no crea información sobre el usuario RFC intern... • https://launchpad.support.sap.com/#/notes/3007182 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-26818
https://notcve.org/view.php?id=CVE-2020-26818
10 Nov 2020 — SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP (Web Dynpro), versiones: 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que revela in... • https://launchpad.support.sap.com/#/notes/2971954 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-26819
https://notcve.org/view.php?id=CVE-2020-26819
10 Nov 2020 — SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro), versiones - 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que luego permite leer y eliminar archivos de registro de la base de datos debido a un Control de ... • https://launchpad.support.sap.com/#/notes/2971954 •