CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-27632
https://notcve.org/view.php?id=CVE-2021-27632
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. SAP NetWeaver ABAP Server y ABAP Platform (Enqueue Server), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73, KERNEL - 7.22,8.04 , 7.49,7.53,7.73, permite a un atacante no autenticado sin conocimiento específico del sistema enviar un paquete especialmente diseñado a través de una red que desencadenará un error interno en el sistema debido a una comprobación inapropiada de entrada en el método EnqConvUniToSrvReq() causando el bloqueo del sistema y hacer que no esté disponible. En este ataque, ningún dato del sistema puede ser visualizado o modificado • https://launchpad.support.sap.com/#/notes/3020104 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-6324
https://notcve.org/view.php?id=CVE-2020-6324
SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting. SAP Netweaver AS ABAP(BSP Test Application sbspext_table), versión-700,701,720,730,731,740,750,751,752,753,754,755, permite a un atacante no autenticado enviar una URL contaminada a la víctima, cuando la víctima hace clic en esta URL, el atacante puede leer, modificar la información disponible en el navegador de la víctima llevando a Reflected Cross Site Scripting • https://launchpad.support.sap.com/#/notes/2948239 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6246
https://notcve.org/view.php?id=CVE-2020-6246
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado • https://launchpad.support.sap.com/#/notes/2878935 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6213
https://notcve.org/view.php?id=CVE-2020-6213
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs. SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) reflejado, por medio de diferentes parámetros URL ya que no codifica suficientemente las entradas controladas por usuario. • https://launchpad.support.sap.com/#/notes/2872752 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6217
https://notcve.org/view.php?id=CVE-2020-6217
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejada. • https://launchpad.support.sap.com/#/notes/2872545 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •