CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6224
https://notcve.org/view.php?id=CVE-2020-6224
14 Apr 2020 — SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. SAP NetWeaver AS Java (HTTP Service), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permite a un atacante con privilegios de administrador acceder a datos confidenciales del usuario, tales como contraseñas... • https://launchpad.support.sap.com/#/notes/2826528 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 13EXPL: 0CVE-2020-6205
https://notcve.org/view.php?id=CVE-2020-6205
10 Mar 2020 — SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability. SAP Ne... • https://launchpad.support.sap.com/#/notes/2884910 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0CVE-2020-6203
https://notcve.org/view.php?id=CVE-2020-6203
10 Mar 2020 — SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. SAP NetWeaver UDDI Server (Services Registry), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; permite a un atacante explotar la comprobación insuficiente de la información de la ruta proporci... • https://launchpad.support.sap.com/#/notes/2806198 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2020-6202
https://notcve.org/view.php?id=CVE-2020-6202
10 Mar 2020 — SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. SAP NetWeaver Application Server Java (User Management Engine), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; no comprueba suficientemente el documento XML de configuración de la fuente de datos LDAP aceptado desde una fuente no segura , con... • https://launchpad.support.sap.com/#/notes/2847787 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6181
https://notcve.org/view.php?id=CVE-2020-6181
12 Feb 2020 — Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. En algunas circunstancias, la implementación de SSO SAML en SAP NetWeaver (SAP_BASIS versiones 702, 730, 731, 740 y SAP ABAP Platform (SAP_BASIS versiones 750, 751, 752, 753, 754), permi... • https://launchpad.support.sap.com/#/notes/2880744 •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6187
https://notcve.org/view.php?id=CVE-2020-6187
12 Feb 2020 — SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. SAP NetWeaver (Guided Procedures), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba suficientemente la entrada de un documento XML de un administrador comprometido, conllevando a una Denegación de Servicio. • https://launchpad.support.sap.com/#/notes/2864415 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0391
https://notcve.org/view.php?id=CVE-2019-0391
13 Nov 2019 — Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. Bajo determinadas condiciones, SAP NetWeaver AS Java (corregido en versiones 7.10, 7.20, 7.30, 7.31, 7.40, 7.50), permite a un atacante acceder a información que de otro modo estaría restringida. • https://launchpad.support.sap.com/#/notes/2835226 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0355
https://notcve.org/view.php?id=CVE-2019-0355
10 Sep 2019 — SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. SAP NetWeaver Application Server Java Web Container, ENGINEAPI (versiones anteriores a 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) y SAP-JEECOR (versiones anteriores a 6.40, 7.0, 7.01), permiten a un atacante in... • https://launchpad.support.sap.com/#/notes/2798336 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 2%CPEs: 6EXPL: 0CVE-2019-0351
https://notcve.org/view.php?id=CVE-2019-0351
14 Aug 2019 — A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. Se prese... • https://launchpad.support.sap.com/#/notes/2800779 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0337
https://notcve.org/view.php?id=CVE-2019-0337
14 Aug 2019 — Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS) vulnerability Java Proxy Runtime de SAP NetWeaver Process Integration, versiones 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente las entradas controladas por el usuario y permite a un atacante ejecutar scripts maliciosos ... • https://launchpad.support.sap.com/#/notes/2789866 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •