
CVSS: 6.7 • EPSS: 0% • CPEs: 3 • EXPL: 0

10 Jan 2023 — In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocalAdmin are denied the ability to log on locally by security policy, so this can only occur if the system has already been compromised. • https://launchpad.support.sap.com/#/notes/3276120 • CWE-284: Improper Access Control

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Dec 2022 — In SAP Solution Manager (Enterprise Search) - versions 740 and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, redirects that user to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity. • https://launchpad.support.sap.com/#/notes/3271313 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Dec 2022 — SAP Disclosure Management - version 10.1 allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can lead to the exposure of data like financial reports. • https://launchpad.support.sap.com/#/notes/3266846 • CWE-863: Incorrect Authorization

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Dec 2022 — Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP Sourcing URL. Since the victim doesn't suspect the threat, they click on the link, log in to SAP Sourcing and CLM, and at this point they are redirected to a malicious website. • https://launchpad.support.sap.com/#/notes/3270399 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Dec 2022 — An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, lead... • https://github.com/redrays-io/CVE-2022-41272 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-306: Missing Authentication for Critical Function • CWE-862: Missing Authorization

CVSS: 9.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Dec 2022 — An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any infor... • https://launchpad.support.sap.com/#/notes/3267780 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-306: Missing Authentication for Critical Function • CWE-862: Missing Authorization

CVSS: 8.5 • EPSS: 0% • CPEs: 11 • EXPL: 0

13 Dec 2022 — In some SAP standard roles in SAP Business Planning and Consolidation - versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810, a transaction code reserved for the customer is used. By implementing such a transaction code, a malicious user may execute unauthorized transaction functionality. Under specific circumstances, a successful attack could enable an adversary to escalate their privileges to be able to read, change or delete system data. • https://launchpad.support.sap.com/#/notes/3271091 • CWE-269: Improper Privilege Management

CVSS: 9.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Dec 2022 — SAP Business Objects Platform - versions 420 and 430 allows an attacker with normal BI user privileges to upload/replace any file on the Business Objects server at the operating system level, enabling the attacker to take full control of the system, causing a high impact on confidentiality, integrity, and availability of the application. • https://launchpad.support.sap.com/#/notes/3239475 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

13 Dec 2022 — Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205 allows malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a DOM Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to steal user tokens and achieve a full account takeover including access to administrative tools in SAP Commerce. • https://launchpad.support.sap.com/#/notes/3248255 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 0% • CPEs: 13 • EXPL: 0

13 Dec 2022 — Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation, the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application. • https://launchpad.support.sap.com/#/notes/3268172 • CWE-94: Improper Control of Generation of Code ('Code Injection')