CVE-2020-6304
https://notcve.org/view.php?id=CVE-2020-6304
Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service. Una comprobación de entrada inapropiada en SAP NetWeaver Internet Communication Manager (actualización proporcionada en KRNL32NUC & KRNL32UC versiones 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC & KRNL64UC versiones 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KERNEL versiones 7.21, 7.49, 7.53), permite a un atacante impedir a usuarios acceder a sus servicios por medio de una denegación de servicio. • https://launchpad.support.sap.com/#/notes/2848498 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771 • CWE-20: Improper Input Validation •
CVE-2019-0351
https://notcve.org/view.php?id=CVE-2019-0351
A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate. Se presenta una vulnerabilidad de ejecución de código remota en SAP NetWeaver UDDI Server (Services Registry), versiones 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Debido a esto, un atacante puede explotar el Services Registry potencialmente permitiéndoles tomar el control completo del producto, incluyendo visualizar, cambiar o eliminar datos mediante la inyección de código en la memoria de trabajo que posteriormente es ejecutada por la aplicación. • https://launchpad.support.sap.com/#/notes/2800779 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 •
CVE-2019-0318
https://notcve.org/view.php?id=CVE-2019-0318
Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones SAP NetWeaver Application Server para Java (Framework Startup), versiones 7.21, 7.22, 7.45, 7.49 y 7.53, permite a un atacante acceder a información que de otra manera estaría restringida. • http://www.securityfocus.com/bid/109069 https://launchpad.support.sap.com/#/notes/2738791 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 •
CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 https://launchpad.support.sap.com/#/notes/2723142 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •
CVE-2018-2477
https://notcve.org/view.php?id=CVE-2018-2477
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. Knowledge Management (XMLForms) en SAP NetWeaver, 7.30, 7.31, 7.40 y 7.50 no valida lo suficiente un documento XML aceptado de una fuente no fiable. • http://www.securityfocus.com/bid/105901 https://launchpad.support.sap.com/#/notes/2661740 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 • CWE-91: XML Injection (aka Blind XPath Injection) •