CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-24740 – Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)
https://notcve.org/view.php?id=CVE-2024-24740
13 Feb 2024 — SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application. SAP NetWeaver Application Server (ABAP): versiones KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, bajo ciertas condiciones, permite a un a... • https://me.sap.com/notes/3360827 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22126 – Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)
https://notcve.org/view.php?id=CVE-2024-22126
13 Feb 2024 — The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability. La aplicación User Admin de SAP NetWeaver AS para Java, versión 7.50, no valida lo suficiente y codifica incorrectamente los parámetros de la URL entrante antes de inclui... • https://me.sap.com/notes/3417627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4551 – SAP Netweaver 2004s Invalid Address Logging
https://notcve.org/view.php?id=CVE-2016-4551
03 Oct 2016 — The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. Los componentes (1) SAP_BASIS y (2) SAP_ABA 7.00 SP Level 0031 en SAP NetWeaver 2004s podría permitir a atacantes remotos suplantar direcciones IP escritas en el Security Audit Log a través de vectores relacionados con el entorno de red, vulnerabilidad también co... • http://seclists.org/fulldisclosure/2016/Oct/3 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4091
https://notcve.org/view.php?id=CVE-2015-4091
26 May 2015 — XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851. Vulnerabilidad de XXE en SAP NetWeaver AS Java 7.4 permite a atacantes remotos enviar peticiones TCP a servidores intranet o posiblemente tener otro impacto no especificado a través de una petición XML a tc~sld~wd~main/Main, relacionado ... • http://packetstormsecurity.com/files/133122/SAP-NetWeaver-AS-Java-XXE-Injection.html •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2013-3243
https://notcve.org/view.php?id=CVE-2013-3243
28 Oct 2013 — Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. Vulnerabilidad sin especificar en OpenText/IXOS ECM para SAP NetWeaver permite a atacantes remotos ejecutar código arbitrario ABAP a través de vectores sin especificar. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0214.html •
CVSS: 8.2EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4603
https://notcve.org/view.php?id=CVE-2009-4603
12 Jan 2010 — Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information. vulnerabilidad inespecífica en sapstartsrv.exe en el kernel SAP v6.40, v7.00, v7.01, v7.10, v7.11, y v7.20, tal y como se utiliza en SAP NetWeaver v7.x y SAP W... • http://secunia.com/advisories/37684 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2007-3496
https://notcve.org/view.php?id=CVE-2007-3496
29 Jun 2007 — Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SAP Web Dynpro Java (BC-WD-JAV) en SAP NetWeaver Nw04 SP15 hasta SP19 y Nw04s SP7 hasta SP11, t... • http://osvdb.org/37748 •