CVE-2014-3130
https://notcve.org/view.php?id=CVE-2014-3130
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.

References:
http://scn.sap.com/docs/DOC-8218
http://seclists.org/fulldisclosure/2014/Apr/302
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009
http://www.securityfocus.com/bid/67108
https://service.sap.com/sap/support/notes/1910914

CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-3133
https://notcve.org/view.php?id=CVE-2014-3133
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.

References:
http://scn.sap.com/docs/DOC-8218
http://seclists.org/fulldisclosure/2014/Apr/301
http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008
http://www.securityfocus.com/bid/67104
https://service.sap.com/sap/support/notes/1922547

CWE-264: Permissions, Privileges, and Access Controls

CVE-2009-4603
https://notcve.org/view.php?id=CVE-2009-4603
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information.

References:
http://secunia.com/advisories/37684
http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf
http://www.securityfocus.com/bid/37286
http://www.securitytracker.com/id?1023319
https://service.sap.com/sap/support/notes/1302231