CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-35170
https://notcve.org/view.php?id=CVE-2022-35170
12 Jul 2022 — SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no codifica suficientemente las entradas controladas por el usuario a través de la red, res... • https://launchpad.support.sap.com/#/notes/3208819 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-32247
https://notcve.org/view.php?id=CVE-2022-32247
12 Jul 2022 — SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, es susceptible de sufrir un ataque de... • https://launchpad.support.sap.com/#/notes/3209557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-29618
https://notcve.org/view.php?id=CVE-2022-29618
14 Jun 2022 — Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. Debido a una insuficiente comprobación de entrada, SAP NetWeaver Development Infrastructure (Design Time Repository) - ... • https://launchpad.support.sap.com/#/notes/3197927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29615
https://notcve.org/view.php?id=CVE-2022-29615
14 Jun 2022 — SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x. SAP NetWeaver Developer Studio (NWDS) - versión 7.50, es basado en Eclipse, que contiene el marco de registro log4j en la versión 1.x. La confidencialidad e integridad de la aplicación podría tener un impacto bajo debido a las vulnerabilidades asocia... • https://launchpad.support.sap.com/#/notes/3202846 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28217
https://notcve.org/view.php?id=CVE-2022-28217
13 Jun 2022 — Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by causing system to crash. Alguna parte de SAP NetWeaver (EP Web Page Composer) no valida suficientemente un documento XML aceptado desde una fuente no fiable, lo que permite a un adversario explotar el estacionamiento... • https://launchpad.support.sap.com/#/notes/3148377 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28772
https://notcve.org/view.php?id=CVE-2022-28772
12 Apr 2022 — By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. Mediante valores de entrada demasiado largos, un atacante puede forzar la sobreescritura de la pila interna del programa en SAP Web... • https://launchpad.support.sap.com/#/notes/3111311 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27669
https://notcve.org/view.php?id=CVE-2022-27669
12 Apr 2022 — An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges. Un usuario no autenticado puede usar funciones del Servicio de Archivo de Datos XML de SAP NetWeaver Application Server for Java - versión 7.50, cuyo acceso debería estar restringido. Esto puede resultar en una escalada de privilegios • https://launchpad.support.sap.com/#/notes/3152442 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28773
https://notcve.org/view.php?id=CVE-2022-28773
12 Apr 2022 — Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. Debido a una recursión no controlada en SAP Web Dispatcher y SAP Internet Communication Manager, la aplicación puede bloquearse, conllevando a una denegación de servicio, pero puede reiniciarse automáticamente • https://launchpad.support.sap.com/#/notes/3111293 • CWE-674: Uncontrolled Recursion •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-26105
https://notcve.org/view.php?id=CVE-2022-26105
12 Apr 2022 — SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. SAP NetWeaver Enterprise Portal - versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, es susceptible de sufrir un ataque de... • https://launchpad.support.sap.com/#/notes/3163583 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-24397
https://notcve.org/view.php?id=CVE-2022-24397
09 Mar 2022 — SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser. SAP NetWeaver Enterprise Portal - versiones 7.30, 7... • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •