CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27658
https://notcve.org/view.php?id=CVE-2022-27658
28 Mar 2022 — Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. Bajo determinadas condiciones, SAP Innovation management - versión 2.0, permite a un atacante acceder a información que podría conllevar a una recopilación de información para otras explotaciones y ataques • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24397
https://notcve.org/view.php?id=CVE-2022-24397
09 Mar 2022 — SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser. SAP NetWeaver Enterprise Portal - versiones 7.30, 7... • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26104
https://notcve.org/view.php?id=CVE-2022-26104
08 Mar 2022 — SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. SAP Financial Consolidation - versión 10.1, no lleva a cabo las comprobaciones de autorización necesarias para actualizar los mensajes de la página de inicio, resultando en que un usuario no autorizado pueda alterar el mensaje del sistema de mantenimiento • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26103
https://notcve.org/view.php?id=CVE-2022-26103
08 Mar 2022 — Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. Bajo determinadas condiciones, SAP NetWeaver (Real Time Messaging Framework) - versión 7.50, permite a un atacante acceder a información que podría conllevar a una recopilación de información para otras explotaciones y ataques • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 3CVE-2022-26101 – SAP Fiori Launchpad Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-26101
08 Mar 2022 — Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fiori launchpad - versiones 754, 755, 756, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-Site Scripting (XSS) The SAP Fiori launchpad suffers from a cross site scripting vulnerability. Various component versions are affected. • https://packetstorm.news/files/id/167561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-22547 – SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure
https://notcve.org/view.php?id=CVE-2022-22547
08 Mar 2022 — Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits. Simple Diagnostics Agent - versiones 1.0 (hasta la versión 1.57.), permite a un atacante acceder a información que de otro modo estaría restringida por medio de un puerto aleatorio 9000-65535. Esto permite una recopilación de información que ... • http://packetstormsecurity.com/files/167562/SAP-FRUN-Simple-Diagnostics-Agent-1.0-Information-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2022-24399 – SAP FRUN 2.00 / 3.00 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-24399
08 Mar 2022 — The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability. El servicio REST de SAP Focused Run (Real User Monitoring) - versiones 200, 300, no sanea suficientemente el nombre de entrada del archivo usando multipart/form-data, resultando en una vulnerabilidad de tipo cross-Site Scripting (XSS) SAP Focused Run versions 2.00 and 3.00 suffer from a cross s... • https://packetstorm.news/files/id/167559 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-24395
https://notcve.org/view.php?id=CVE-2022-24395
08 Mar 2022 — SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-Site Scripting (XSS) reflejado • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26100
https://notcve.org/view.php?id=CVE-2022-26100
08 Mar 2022 — SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system. SAPCAR - versión 7.22, no contiene suficiente comprobación de entradas en el archivo SAPCAR. Como resultado, el proceso SAPCAR puede fallar, y el atacante puede obtener acceso privilegiado al sistema • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-20: Improper Input Validation CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26102
https://notcve.org/view.php?id=CVE-2022-26102
08 Mar 2022 — Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. Debido a ... • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-862: Missing Authorization •