CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35299 – SAP SQL Anywhere Database Server Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-35299
SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an attacker to leverage logical errors in memory management to cause a memory corruption, such as Stack-based buffer overflow. SAP SQL Anywhere - versión 17.0, y SAP IQ - versión 16.1, permite a un atacante aprovechar errores lógicos en la administración de la memoria para causar una corrupción de memoria, como un desbordamiento de búfer en la región Stack de la memoria This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP SQL Anywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Database Server, which listens on TCP and UDP ports 2638 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root. • https://launchpad.support.sap.com/#/notes/3232021 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32244
https://notcve.org/view.php?id=CVE-2022-32244
Under certain conditions an attacker authenticated as a CMS administrator access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable. This needs the attacker to have high privilege access to the same physical/logical network to access information which would otherwise be restricted, leading to low impact on confidentiality and high impact on integrity of the application. Bajo determinadas condiciones, un atacante autenticado como administrador del CMS puede acceder a la base de datos de comentarios del BOE y recuperar datos del sistema (no personales), modificar datos del sistema pero no puede hacer que el sistema no esté disponible. Esto requiere que el atacante tenga un acceso de alto privilegio a la misma red física/lógica para acceder a la información que de otro modo estaría restringida, conllevando a un bajo impacto en la confidencialidad y un alto impacto en la integridad de la aplicación • https://launchpad.support.sap.com/#/notes/3213524 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39014
https://notcve.org/view.php?id=CVE-2022-39014
Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. Bajo determinadas condiciones, SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - versión 430, permite a un atacante acceder a determinados parámetros confidenciales no encriptados que de otra manera estarían restringidos • https://launchpad.support.sap.com/#/notes/3217303 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39801
https://notcve.org/view.php?id=CVE-2022-39801
SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application. SAP GRC Access control Emergency Access Management permite a un atacante autenticado acceder a una sesión de Firefighter incluso después de haberla cerrado en Firefighter Logon Pad. Este ataque sólo puede lanzarse dentro del firewall. • https://launchpad.support.sap.com/#/notes/3237075 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39799
https://notcve.org/view.php?id=CVE-2022-39799
An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user. Un atacante sin autenticación previa podría diseñar y enviar un script malicioso a la Interfaz Gráfica de Usuario de SAP para HTML dentro de Fiori Launchpad, resultando en un ataque de tipo cross-site scripting. Esto podría conllevar a un robo de información de sesión y una suplantación del usuario afectado • https://launchpad.support.sap.com/#/notes/3229820 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •