
CVE-2022-28217
https://notcve.org/view.php?id=CVE-2022-28217
13 Jun 2022 — Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise the system's Availability by causing the system to crash. • https://launchpad.support.sap.com/#/notes/3148377 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2020-6220
https://notcve.org/view.php?id=CVE-2020-6220
06 Jun 2022 — BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in the victim’s session is active. • https://launchpad.support.sap.com/#/notes/2878507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-29617
https://notcve.org/view.php?id=CVE-2022-29617
06 Jun 2022 — Due to improper error handling, an authenticated user can crash the CLA assistant instance. This could impact the availability of the application. • https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3 • CWE-755: Improper Handling of Exceptional Conditions

CVE-2022-29616
https://notcve.org/view.php?id=CVE-2022-29616
11 May 2022 — SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. • https://launchpad.support.sap.com/#/notes/3145702 • CWE-787: Out-of-bounds Write

CVE-2022-29613
https://notcve.org/view.php?id=CVE-2022-29613
11 May 2022 — Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter the employee number. On successful exploitation, the attacker can view personal details of other users, causing a limited impact on confidentiality of the application. • https://launchpad.support.sap.com/#/notes/3164677 • CWE-20: Improper Input Validation

CVE-2022-29611
https://notcve.org/view.php?id=CVE-2022-29611
11 May 2022 — SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. • https://launchpad.support.sap.com/#/notes/3165801 • CWE-862: Missing Authorization

CVE-2022-29610
https://notcve.org/view.php?id=CVE-2022-29610
11 May 2022 — SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in a Stored Cross-Site Scripting (XSS) attack. • https://launchpad.support.sap.com/#/notes/3146336 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-28774
https://notcve.org/view.php?id=CVE-2022-28774
11 May 2022 — Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. • https://launchpad.support.sap.com/#/notes/3158188 • CWE-863: Incorrect Authorization

CVE-2022-28214
https://notcve.org/view.php?id=CVE-2022-28214
11 May 2022 — During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. • https://launchpad.support.sap.com/#/notes/2998510 • CWE-312: Cleartext Storage of Sensitive Information

CVE-2022-27656
https://notcve.org/view.php?id=CVE-2022-27656
11 May 2022 — The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. • https://launchpad.support.sap.com/#/notes/3145046 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')