CVE-2023-26459 – Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2023-26459
Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability. • https://launchpad.support.sap.com/#/notes/3296346 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-23860
https://notcve.org/view.php?id=CVE-2023-23860
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. • https://launchpad.support.sap.com/#/notes/3268959 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-23859
https://notcve.org/view.php?id=CVE-2023-23859
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information. • https://launchpad.support.sap.com/#/notes/3268959 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-23853
https://notcve.org/view.php?id=CVE-2023-23853
An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. • https://launchpad.support.sap.com/#/notes/3271227 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-41214
https://notcve.org/view.php?id=CVE-2022-41214
Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to delete a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the integrity and availability of the application. Debido a una validación de entrada insuficiente, SAP NetWeaver Application Server ABAP y ABAP Platform permiten a un atacante con privilegios de alto nivel utilizar una función remota habilitada para eliminar un archivo que de otro modo estaría restringido. Si se explota con éxito, un atacante puede comprometer completamente la integridad y disponibilidad de la aplicación. • https://launchpad.support.sap.com/#/notes/3256571 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-20: Improper Input Validation •