CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2022-27667
https://notcve.org/view.php?id=CVE-2022-27667
12 Apr 2022 — Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. • https://launchpad.support.sap.com/#/notes/3145769 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2022-26107 – SAP 3D Visual Enterprise Viewer JT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26107
12 Apr 2022 — When a user opens a manipulated Jupiter Tessellation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until the application is restarted. • https://launchpad.support.sap.com/#/notes/3143437 • CWE-20: Improper Input Validation
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 3 • CVE-2022-1248 – SAP Information System POST Request add_admin.php improper authentication
https://notcve.org/view.php?id=CVE-2022-1248
06 Apr 2022 — A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed. • https://packetstorm.news/files/id/166609 • CWE-287: Improper Authentication • CWE-306: Missing Authentication for Critical Function
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2022-27658
https://notcve.org/view.php?id=CVE-2022-27658
28 Mar 2022 — Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-862: Missing Authorization
CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2022-24397
https://notcve.org/view.php?id=CVE-2022-24397
09 Mar 2022 — SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of the portal website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of the victim's web browser. • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2022-26104
https://notcve.org/view.php?id=CVE-2022-26104
08 Mar 2022 — SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, allowing an unauthorized user to alter the maintenance system message. • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-862: Missing Authorization
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2022-26103
https://notcve.org/view.php?id=CVE-2022-26103
08 Mar 2022 — Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 • CWE-862: Missing Authorization
CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 3 • CVE-2022-26101 – SAP Fiori Launchpad Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-26101
08 Mar 2022 — Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. The SAP Fiori launchpad suffers from a cross site scripting vulnerability. Various component versions are affected. • https://packetstorm.news/files/id/167561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 2 • CVE-2022-22547 – SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure
https://notcve.org/view.php?id=CVE-2022-22547
08 Mar 2022 — Simple Diagnostics Agent - versions 1.0 (up to version 1.57), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used to exploit future open-source security exploits. • http://packetstormsecurity.com/files/167562/SAP-FRUN-Simple-Diagnostics-Agent-1.0-Information-Disclosure.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 3 • CVE-2022-24399 – SAP FRUN 2.00 / 3.00 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-24399
08 Mar 2022 — The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in a Cross-Site Scripting (XSS) vulnerability. SAP Focused Run versions 2.00 and 3.00 suffer from a cross s... • https://packetstorm.news/files/id/167559 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
