CVE-2014-2748
https://notcve.org/view.php?id=CVE-2014-2748
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.
• http://secunia.com/advisories/57741
• http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002
• http://www.onapsis.com/research-advisories.php
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92334
• https://service.sap.com/sap/support/notes/1926485
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-6284
https://notcve.org/view.php?id=CVE-2013-6284
Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability."
• http://scn.sap.com/docs/DOC-8218
• http://www.layersevensecurity.com/docs/Layer%20Seven%20Security_Advisory_September%202013.pdf
• https://service.sap.com/sap/support/notes
CVE-2013-3244
https://notcve.org/view.php?id=CVE-2013-3244
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
• http://scn.sap.com/docs/DOC-8218
• http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/58-remote-code-injection-in-sap-erp-project-system.html
• https://service.sap.com/sap/support/notes/1776695
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-3061
https://notcve.org/view.php?id=CVE-2013-3061
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html
• http://scn.sap.com/docs/DOC-8218
• http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare
• https://service.sap.com/sap/support/notes/1691744
• CWE-264: Permissions, Privileges, and Access Controls