CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-27606 – SAP NetWeaver ABAP Enqueue Memory Corruption
https://notcve.org/view.php?id=CVE-2021-27606
09 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In th... • https://launchpad.support.sap.com/#/notes/3020104 • CWE-125: Out-of-bounds Read •
CVSS: 9.6EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21481
https://notcve.org/view.php?id=CVE-2021-21481
09 Mar 2021 — The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in complete compromise of system confidentiality, integrity, and availability. MigrationService, que forma parte de SAP NetWeaver versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no lleva a cabo una comprobación de aut... • https://launchpad.support.sap.com/#/notes/3022422 • CWE-863: Incorrect Authorization •
CVSS: 7.7EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6285
https://notcve.org/view.php?id=CVE-2020-6285
14 Jul 2020 — SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. SAP NetWeaver - XML ??Toolkit for JAVA (ENGINEAPI) (versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), bajo determinadas condiciones, permite a un atacante acceder a información que de otro modo estaría restringida, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2932473 •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6203
https://notcve.org/view.php?id=CVE-2020-6203
10 Mar 2020 — SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. SAP NetWeaver UDDI Server (Services Registry), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; permite a un atacante explotar la comprobación insuficiente de la información de la ruta proporci... • https://launchpad.support.sap.com/#/notes/2806198 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-6181
https://notcve.org/view.php?id=CVE-2020-6181
12 Feb 2020 — Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. En algunas circunstancias, la implementación de SSO SAML en SAP NetWeaver (SAP_BASIS versiones 702, 730, 731, 740 y SAP ABAP Platform (SAP_BASIS versiones 750, 751, 752, 753, 754), permi... • https://launchpad.support.sap.com/#/notes/2880744 •
CVSS: 7.5EPSS: 27%CPEs: 4EXPL: 1CVE-2013-1593
https://notcve.org/view.php?id=CVE-2013-1593
23 Jan 2020 — A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. Se presenta una vulnerabilidad de Denegación de Servicio en la función WRITE_C en el módulo msg_server.exe en SAP NetWeaver 2004s, versiones 7.01 SR1, 7.02 SP06 y 7.30 SP04, cuando se envía un paquete de SAP Message Server diseñado hacia los puertos TCP 36NN y/o 39NN. • http://www.securityfocus.com/bid/57956 • CWE-129: Improper Validation of Array Index •
CVSS: 10.0EPSS: 86%CPEs: 4EXPL: 3CVE-2013-1592 – SAP NetWeaver Message Server - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1592
23 Jan 2020 — A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de Desbordamiento de Búfer en la función _MsJ2EE_AddStatistics() del servicio Message Server cuando se envían paquetes de SAP Message Server especialmente diseñ... • https://www.exploit-db.com/exploits/24511 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2020-6304
https://notcve.org/view.php?id=CVE-2020-6304
14 Jan 2020 — Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. Una comprobación de entrada inapropiada en SAP NetWeaver Internet Communication Manager (actualización proporcionada en KRNL32NUC & KRNL32UC versiones 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC... • https://launchpad.support.sap.com/#/notes/2848498 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0351
https://notcve.org/view.php?id=CVE-2019-0351
14 Aug 2019 — A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. Se prese... • https://launchpad.support.sap.com/#/notes/2800779 •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
08 Jan 2019 — Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 •