CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41732 – Improper Access Control in SAP Netweaver Application Server ABAP
https://notcve.org/view.php?id=CVE-2024-41732
13 Aug 2024 — SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application. • https://me.sap.com/notes/3468102 • CWE-284: Improper Access Control •
CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-33005 – Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server
https://notcve.org/view.php?id=CVE-2024-33005
13 Aug 2024 — Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications. Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and J... • https://me.sap.com/notes/3438085 • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34685 – [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor
https://notcve.org/view.php?id=CVE-2024-34685
09 Jul 2024 — Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a low impact on its confidentiality and integrity. Debido a la codificación débil de la entrada controlada por el usuario en SAP NetWeaver Knowledge Management XMLEditor, que permite que se puedan ejecutar scripts m... • https://me.sap.com/notes/3468681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-28164 – Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures)
https://notcve.org/view.php?id=CVE-2024-28164
11 Jun 2024 — SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the application. SAP NetWeaver AS Java (CAF - Procedimientos guiados) permite que un usuario no autenticado acceda a información no confidencial sobre el servidor que de otro modo estaría restringida y causaría un bajo impacto en la confidencialidad de la aplicación. SAP NetWeaver AS Java (CAF - Guided... • https://me.sap.com/notes/3425571 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33001 – Denial of service (DOS) in SAP NetWeaver and ABAP platform
https://notcve.org/view.php?id=CVE-2024-33001
11 Jun 2024 — SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application. La plataforma SAP NetWeaver y ABAP permite a un atacante impedir el rendimiento de usuarios legítimos bloqueando o inundando el servicio. Un impacto de... • https://me.sap.com/notes/3453170 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-34688 – Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository)
https://notcve.org/view.php?id=CVE-2024-34688
11 Jun 2024 — Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability of the application. Debido al acceso sin restricciones a los servicios del Meta Model Repository en SAP NetWeaver AS Java, los atacantes pueden realizar ataques DoS en la aplicación, lo que puede impedir que los u... • https://me.sap.com/notes/3460407 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33006 – File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-33006
14 May 2024 — An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system. Un atacante no autenticado puede cargar un archivo malicioso en el servidor al que, cuando una víctima accede, puede permitir que un atacante comprometa completamente el sistema. • https://me.sap.com/notes/3448171 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34687 – Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-34687
14 May 2024 — SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, including accessing or deleting files, or stealing session cookies which an attacker could use to hijack a user’s session. Hence, this could have impact on Confidentiality, Integrity and Availability of the system. SAP Ne... • https://me.sap.com/notes/3448445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-30218 – Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-30218
09 Apr 2024 — The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. El servidor de aplicaciones ABAP de SAP NetWeaver, así como la plataforma ABAP, permiten a un atacante impedir que usuarios legítimos accedan a un servicio, ya sea bloqueando o inundando el servicio. Esto tiene un impacto considerable en la disponibilidad. The ABAP Applic... • https://me.sap.com/notes/3359778 • CWE-400: Uncontrolled Resource Consumption CWE-605: Multiple Binds to the Same Port •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27899 – Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine
https://notcve.org/view.php?id=CVE-2024-27899
09 Apr 2024 — Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability. Self-Registration and Modify your own profile en User Admin Application de NetWeaver AS Java no exige requisitos de seguridad adecuados para el contenido de la respuesta de seguridad reci... • https://me.sap.com/notes/3434839 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •