
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2021 — A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing... • https://launchpad.support.sap.com/#/notes/3077635 •

CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0

12 Oct 2021 — SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in a Cross-Site Scripting vulnerability. • https://launchpad.support.sap.com/#/notes/3084937 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

12 Oct 2021 — Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. • https://launchpad.support.sap.com/#/notes/3100882 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3 • EPSS: 0% • CPEs: 28 • EXPL: 0

12 Oct 2021 — SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details. • https://launchpad.support.sap.com/#/notes/3087254 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2021 — SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitization during the data export. An attacker could thereby execute arbitrary commands on the victim's computer, but only if the victim allows macros to execute while opening the file and the security settings of Excel allow for command execution. • https://launchpad.support.sap.com/#/notes/3079427 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 8.8 • EPSS: 0% • CPEs: 28 • EXPL: 0

12 Oct 2021 — The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data. • https://launchpad.support.sap.com/#/notes/3097887 •

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Oct 2021 — SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version. • https://launchpad.support.sap.com/#/notes/3098917 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 5.3 • EPSS: 0% • CPEs: 14 • EXPL: 0

12 Oct 2021 — There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform. • https://launchpad.support.sap.com/#/notes/3099011 •

CVSS: 7.5 • EPSS: 0% • CPEs: 26 • EXPL: 0

12 Oct 2021 — SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. • https://launchpad.support.sap.com/#/notes/3080710 •

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2021 — Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials. • https://launchpad.support.sap.com/#/notes/3074819 •