CVE-2020-6202
https://notcve.org/view.php?id=CVE-2020-6202
SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. SAP NetWeaver Application Server Java (User Management Engine), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; no comprueba suficientemente el documento XML de configuración de la fuente de datos LDAP aceptado desde una fuente no segura , conllevando a una Falta de Comprobación XML. • https://launchpad.support.sap.com/#/notes/2847787 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 • CWE-20: Improper Input Validation •
CVE-2019-0391
https://notcve.org/view.php?id=CVE-2019-0391
Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. Bajo determinadas condiciones, SAP NetWeaver AS Java (corregido en versiones 7.10, 7.20, 7.30, 7.31, 7.40, 7.50), permite a un atacante acceder a información que de otro modo estaría restringida. • https://launchpad.support.sap.com/#/notes/2835226 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 •
CVE-2019-0389
https://notcve.org/view.php?id=CVE-2019-0389
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. Un administrador de SAP NetWeaver Application Server Java (J2EE-Framework), (corregido en las versiones 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), puede cambiar los privilegios para todas o algunas funciones en Java Server, y permitir a usuarios ejecutar funciones, que no son permitidas ejecutar de otro modo. • https://launchpad.support.sap.com/#/notes/2814357 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 •
CVE-2019-0355
https://notcve.org/view.php?id=CVE-2019-0355
SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) and SAP-JEECOR (before versions 6.40, 7.0, 7.01), allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. SAP NetWeaver Application Server Java Web Container, ENGINEAPI (versiones anteriores a 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) y SAP-JEECOR (versiones anteriores a 6.40, 7.0, 7.01), permiten a un atacante inyectar código que puede ser ejecutado por la aplicación. Un atacante podría de este modo controlar el comportamiento de la aplicación. • https://launchpad.support.sap.com/#/notes/2798336 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-0327
https://notcve.org/view.php?id=CVE-2019-0327
SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation. SAP NetWeaver para Java Application Server - Web Container, (engineapi, versiones 7.1, 7.2, 7.3, 7.31, 7.4 y 7.5), (servercode, versiones 7.2, 7.3, 7.31, 7.4, 7.5), permiten a un atacante cargar archivos (incluyendo archivos de script) sin la comprobación apropiada del formato del archivo. • http://www.securityfocus.com/bid/109071 https://launchpad.support.sap.com/#/notes/2777910 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 • CWE-434: Unrestricted Upload of File with Dangerous Type •