CVE-2015-2815
https://notcve.org/view.php?id=CVE-2015-2815
Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.
• http://packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html
• http://seclists.org/fulldisclosure/2015/Jun/61
• http://www.securityfocus.com/archive/1/535825/100/800/threaded
• http://www.securityfocus.com/bid/73897
• https://erpscan.io/advisories/erpscan-15-003-sapkernel-c_sapgparam-rce-dos
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-2811
https://notcve.org/view.php?id=CVE-2015-2811
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
• http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
• http://seclists.org/fulldisclosure/2015/Jun/64
• http://www.securityfocus.com/archive/1/535827/100/800/threaded
• http://www.securityfocus.com/bid/73691
• https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe
CVE-2015-2812
https://notcve.org/view.php?id=CVE-2015-2812
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
• http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
• http://seclists.org/fulldisclosure/2015/Jun/62
• http://www.securityfocus.com/archive/1/535826/100/800/threaded
• https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe
CVE-2015-2107
https://notcve.org/view.php?id=CVE-2015-2107
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges.
• http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04588084
• http://www.securitytracker.com/id/1031870
• CWE-284: Improper Access Control
CVE-2015-1309
https://notcve.org/view.php?id=CVE-2015-1309
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
• http://secunia.com/advisories/62469
• https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe
• https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015