CVSS: 5.3EPSS: 0%CPEs: 26EXPL: 0CVE-2021-33684
https://notcve.org/view.php?id=CVE-2021-33684
14 Jul 2021 — SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itse... • https://launchpad.support.sap.com/#/notes/3032624 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-33677
https://notcve.org/view.php?id=CVE-2021-33677
14 Jul 2021 — SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure. El servidor ABAP de SAP NetWeaver y la Plataforma ABAP, versiones - 700, 702, 730, 731, 804, 740, 750, 784, expone funciones al exterior que pueden conllevar a una divulgación de información • https://launchpad.support.sap.com/#/notes/3044754 •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-27610
https://notcve.org/view.php?id=CVE-2021-27610
16 Jun 2021 — SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. SAP NetWeaver ABAP Server y ABAP Platform, versiones - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, no crea información sobre el usuario RFC intern... • https://launchpad.support.sap.com/#/notes/3007182 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-26818
https://notcve.org/view.php?id=CVE-2020-26818
10 Nov 2020 — SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. SAP NetWeaver AS ABAP (Web Dynpro), versiones: 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que revela in... • https://launchpad.support.sap.com/#/notes/2971954 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-26819
https://notcve.org/view.php?id=CVE-2020-26819
10 Nov 2020 — SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro), versiones - 731, 740, 750, 751, 752, 753, 754, 755, 782, permite a un usuario autenticado acceder a los componentes de Web Dynpro, lo que luego permite leer y eliminar archivos de registro de la base de datos debido a un Control de ... • https://launchpad.support.sap.com/#/notes/2971954 •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2020-6240
https://notcve.org/view.php?id=CVE-2020-6240
12 May 2020 — SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service SAP NetWeaver AS ABAP (Web Dynpro ABAP), versiones (SAP_UI 750, 752, 753, 754 y SAP_BASIS 700, 710, 730, 731, 804), permite a un atacante no autenticado impedir a usuarios legítimos el acceso a un servicio, ya sea mediante el bloqueo o... • https://launchpad.support.sap.com/#/notes/2856923 •