CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2022-29618
https://notcve.org/view.php?id=CVE-2022-29618
14 Jun 2022 — Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. Debido a una insuficiente comprobación de entrada, SAP NetWeaver Development Infrastructure (Design Time Repository) - ... • https://launchpad.support.sap.com/#/notes/3197927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29615
https://notcve.org/view.php?id=CVE-2022-29615
14 Jun 2022 — SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x. SAP NetWeaver Developer Studio (NWDS) - versión 7.50, es basado en Eclipse, que contiene el marco de registro log4j en la versión 1.x. La confidencialidad e integridad de la aplicación podría tener un impacto bajo debido a las vulnerabilidades asocia... • https://launchpad.support.sap.com/#/notes/3202846 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 3CVE-2022-29614 – SAP SAPControl Web Service Interface Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-29614
14 Jun 2022 — SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. SAP startse... • https://packetstorm.news/files/id/168409 • CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2022-29612
https://notcve.org/view.php?id=CVE-2022-29612
14 Jun 2022 — SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise re... • https://launchpad.support.sap.com/#/notes/3194674 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 3CVE-2022-27668 – SAP SAProuter Improper Access Control
https://notcve.org/view.php?id=CVE-2022-27668
14 Jun 2022 — Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. Dependiendo de la configuración de la tabla de permisos de ruta en el archivo "sapr... • https://packetstorm.news/files/id/168406 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28217
https://notcve.org/view.php?id=CVE-2022-28217
13 Jun 2022 — Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by causing system to crash. Alguna parte de SAP NetWeaver (EP Web Page Composer) no valida suficientemente un documento XML aceptado desde una fuente no fiable, lo que permite a un adversario explotar el estacionamiento... • https://launchpad.support.sap.com/#/notes/3148377 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6220
https://notcve.org/view.php?id=CVE-2020-6220
06 Jun 2022 — BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. BI Launchpad y CMC en SAP Business Objects Business Intelligence Platform, versiones 4.1, 4.2, no codifica suficientemente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS). La... • https://launchpad.support.sap.com/#/notes/2878507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29617
https://notcve.org/view.php?id=CVE-2022-29617
06 Jun 2022 — Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. Debido a un manejo inapropiado de errores, un usuario autenticado puede bloquear la instancia del asistente CLA. Esto podría afectar a la disponibilidad de la aplicación • https://github.com/cla-assistant/cla-assistant/security/advisories/GHSA-jjjv-grgr-v8h3 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-29616
https://notcve.org/view.php?id=CVE-2022-29616
11 May 2022 — SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. SAP Host Agent, SAP NetWeaver y ABAP Platform permiten a un atacante aprovechar errores lógicos en la administración de la memoria para causar una corrupción de memoria • https://launchpad.support.sap.com/#/notes/3145702 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29613
https://notcve.org/view.php?id=CVE-2022-29613
11 May 2022 — Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. Debido a una comprobación de entrada insuficiente, SAP Employee Self Service permite a un atacante autenticado con privilegios de usuario alterar el número de empleado. Si es explotado con éxito, el atacante puede visualiz... • https://launchpad.support.sap.com/#/notes/3164677 • CWE-20: Improper Input Validation •