CVSS: 5.3EPSS: 0%CPEs: 26EXPL: 0CVE-2021-33684
https://notcve.org/view.php?id=CVE-2021-33684
14 Jul 2021 — SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itse... • https://launchpad.support.sap.com/#/notes/3032624 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 3CVE-2021-33678 – SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
https://notcve.org/view.php?id=CVE-2021-33678
14 Jul 2021 — A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable. Un módulo de funciones de SAP NetWeaver AS ABAP (Reconciliation Framework), versiones - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751,... • https://packetstorm.news/files/id/167229 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-33677
https://notcve.org/view.php?id=CVE-2021-33677
14 Jul 2021 — SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. El servidor ABAP de SAP NetWeaver y la Plataforma ABAP, versiones - 700, 702, 730, 731, 804, 740, 750, 784, expone funciones al exterior que pueden conllevar a una divulgación de información • https://launchpad.support.sap.com/#/notes/3044754 •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-27610
https://notcve.org/view.php?id=CVE-2021-27610
16 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. SAP NetWeaver ABAP Server y ABAP Platform, versiones - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, no crea información sobre el usuario RFC intern... • https://launchpad.support.sap.com/#/notes/3007182 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 3CVE-2021-21473 – SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
https://notcve.org/view.php?id=CVE-2021-21473
09 Jun 2021 — SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform. SAP NetWeaver AS ABAP y ABAP Platform, versiones - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contiene el módulo de función SRM_RFC_SUBMIT_REPORT que no comprueba la autorizació... • https://packetstorm.news/files/id/167229 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21446
https://notcve.org/view.php?id=CVE-2021-21446
12 Jan 2021 — SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, this has a high impact on the availability of the service. SAP NetWeaver AS ABAP, versiones 740, 750, 751, 752, 753, 754, 755, permite a un atacante no autenticado impedir que usuarios legítimos accedan a un servicio, ya sea bloqueando o inundando el servicio, esto presenta un alto impacto en la disponibilidad ... • https://launchpad.support.sap.com/#/notes/3000306 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2020-26835
https://notcve.org/view.php?id=CVE-2020-26835
09 Dec 2020 — SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver AS ABAP, versiones - 740, 750, 751, 752, 753, 754, no codifica suficientemente la URL, lo que permite a un atacante ingresar un script java malicioso en la URL que podría ser ejecutado en el navegador, resultando en una vulnerabi... • https://launchpad.support.sap.com/#/notes/2996479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-26818
https://notcve.org/view.php?id=CVE-2020-26818
10 Nov 2020 — SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP (Web Dynpro), versiones: 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que revela in... • https://launchpad.support.sap.com/#/notes/2971954 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-26819
https://notcve.org/view.php?id=CVE-2020-26819
10 Nov 2020 — SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro), versiones - 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que luego permite leer y eliminar archivos de registro de la base de datos debido a un Control de ... • https://launchpad.support.sap.com/#/notes/2971954 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-6324
https://notcve.org/view.php?id=CVE-2020-6324
09 Sep 2020 — SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim�s browser leading to Reflected Cross Site Scripting. SAP Netweaver AS ABAP(BSP Test Application sbspext_table), versión-700,701,720,730,731,740,750,751,752,753,754,755, permite a un atacante no autenticado enviar una UR... • https://launchpad.support.sap.com/#/notes/2948239 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •