CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-27610
https://notcve.org/view.php?id=CVE-2021-27610
16 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. SAP NetWeaver ABAP Server y ABAP Platform, versiones - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, no crea información sobre el usuario RFC intern... • https://launchpad.support.sap.com/#/notes/3007182 • CWE-287: Improper Authentication •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2021-27611
https://notcve.org/view.php?id=CVE-2021-27611
11 May 2021 — SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to inject malicious code by executing an ABAP report when the attacker has access to the local SAP system. The attacker could then get access to data, overwrite them, or execute a denial of service. SAP NetWeaver AS ABAP, versiones - 700, 701, 702, 730, 731, permiten a un atacante muy privilegiado inyectar código malicioso al ejecutar un reporte ABAP cuando el atacante tiene acceso al sistema SAP local. El atacante p... • https://launchpad.support.sap.com/#/notes/3046610 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-6324
https://notcve.org/view.php?id=CVE-2020-6324
09 Sep 2020 — SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting. SAP Netweaver AS ABAP(BSP Test Application sbspext_table), versión-700,701,720,730,731,740,750,751,752,753,754,755, permite a un atacante no autenticado enviar una UR... • https://launchpad.support.sap.com/#/notes/2948239 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2020-6310
https://notcve.org/view.php?id=CVE-2020-6310
12 Aug 2020 — Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure. Un control de acceso inapropiado en el componente SOA Configuration Trace en SAP NetWeaver (ABAP Server) y la plataforma ABAP, versiones - 702, 730, 731, 740, 750, permite a cualquier usuario autenticado enumerar todos los usuarios de SAP, conllevando a una Divulgación de... • https://launchpad.support.sap.com/#/notes/2944988 •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-6296
https://notcve.org/view.php?id=CVE-2020-6296
12 Aug 2020 — SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be executed by the application, leading to Code Injection. An attacker could thereby control the behavior of the application. SAP NetWeaver (ABAP Server) y plataforma ABAP, versiones: 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, permiten a un atacante inyectar código que puede ser ejecutado por la aplicación conllevando a una Inyecció... • https://launchpad.support.sap.com/#/notes/2941667 •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-6275
https://notcve.org/view.php?id=CVE-2020-6275
10 Jun 2020 — SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. SAP Netweaver AS ABAP, version... • https://launchpad.support.sap.com/#/notes/2912939 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6246
https://notcve.org/view.php?id=CVE-2020-6246
10 Jun 2020 — SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cro... • https://launchpad.support.sap.com/#/notes/2878935 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6213
https://notcve.org/view.php?id=CVE-2020-6213
24 Apr 2020 — SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs. SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, es vulnerable a un ataque de tipo Cross-Site Scripting (XSS) reflejado, por medio de di... • https://launchpad.support.sap.com/#/notes/2872752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6217
https://notcve.org/view.php?id=CVE-2020-6217
14 Apr 2020 — SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting ... • https://launchpad.support.sap.com/#/notes/2872545 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2020-6229
https://notcve.org/view.php?id=CVE-2020-6229
14 Apr 2020 — SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP (aplicación CRM_BSP_FRAME de Business Server Pages), versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, no codifica suficientemente entradas controladas por el usuario, re... • https://launchpad.support.sap.com/#/notes/2900374 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •