CVE-2020-26829 – SAP Netweaver JAVA 7.50 Missing Authorization
https://notcve.org/view.php?id=CVE-2020-26829
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely. SAP NetWeaver AS JAVA (P2P Cluster Communication), versiones - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permite conexiones arbitrarias de procesos debido a una falta de comprobación de autenticación, que están fuera del clúster e incluso fuera del segmento de red dedicado para la comunicación interna del clúster. Como resultado, un atacante no autenticado puede invocar determinadas funciones que de otro modo estarían restringidas sólo a los administradores del sistema, incluyendo el acceso a las funciones de administración del sistema o apagando el sistema por completo A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication in order to connect to the respective TCP ports and perform different privileged actions. SAP Netweaver JAVA versions 7.10 through 7.50 are affected. • http://packetstormsecurity.com/files/163166/SAP-Netweaver-JAVA-7.50-Missing-Authorization.html http://seclists.org/fulldisclosure/2021/Jun/33 https://launchpad.support.sap.com/#/notes/2974774 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 • CWE-306: Missing Authentication for Critical Function •
CVE-2020-26816
https://notcve.org/view.php?id=CVE-2020-26816
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems. SAP AS JAVA (Key Storage Service), versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, posee el material de claves que es almacenado en el servicio SAP NetWeaver AS Java Key Storage almacenado en la base de datos en el formato codificado DER. y no está cifrado. Esto permite a un atacante que tiene acceso de administrador a SAP NetWeaver AS Java decodificar las claves debido a la falta de cifrado y obtener algunos datos de la aplicación y las credenciales de cliente de los sistemas adyacentes. • https://launchpad.support.sap.com/#/notes/2971163 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-6370
https://notcve.org/view.php?id=CVE-2020-6370
SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Design Time Repository (DTR), versiones - 7.11, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://launchpad.support.sap.com/#/notes/2939419 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-6365
https://notcve.org/view.php?id=CVE-2020-6365
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits. SAP NetWeaver AS Java, versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, la página de inicio permite a un atacante remoto no autenticado redireccionar a usuarios hacia un sitio malicioso debido a una comprobación insuficiente de URL de tabnabbing inverso. El atacante podría ejecutar ataques de phishing para robar las credenciales de la víctima o para redireccionar a los usuarios hacia páginas web no confiables que contienen malware o explotaciones maliciosos similares • https://launchpad.support.sap.com/#/notes/2969828 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2020-6319
https://notcve.org/view.php?id=CVE-2020-6319
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting. SAP NetWeaver Application Server Java, versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50, permite a un atacante no autenticado incluir bloques de JavaScript en cualquier página web o URL con diferentes símbolos que de otro modo no están permitidos. En una explotación con éxito, un atacante puede robar información de autenticación del usuario, tal y como datos relacionados con su sesión actual e impactar de manera limitada la confidencialidad e integridad de la aplicación, conllevando a una vulnerabilidad de tipo Cross Site Scripting Reflejado • https://launchpad.support.sap.com/#/notes/2956398 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •