CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 1CVE-2020-6215 – SAP Application Server ABAP Open Redirection
https://notcve.org/view.php?id=CVE-2020-6215
14 Apr 2020 — SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, permite a un atacante redireccionar a usuarios hacia un sitio malicioso debido... • https://packetstorm.news/files/id/174985 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 27%CPEs: 4EXPL: 1CVE-2013-1593
https://notcve.org/view.php?id=CVE-2013-1593
23 Jan 2020 — A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. Se presenta una vulnerabilidad de Denegación de Servicio en la función WRITE_C en el módulo msg_server.exe en SAP NetWeaver 2004s, versiones 7.01 SR1, 7.02 SP06 y 7.30 SP04, cuando se envía un paquete de SAP Message Server diseñado hacia los puertos TCP 36NN y/o 39NN. • http://www.securityfocus.com/bid/57956 • CWE-129: Improper Validation of Array Index •
CVSS: 10.0EPSS: 86%CPEs: 4EXPL: 3CVE-2013-1592 – SAP NetWeaver Message Server - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1592
23 Jan 2020 — A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de Desbordamiento de Búfer en la función _MsJ2EE_AddStatistics() del servicio Message Server cuando se envían paquetes de SAP Message Server especialmente diseñ... • https://www.exploit-db.com/exploits/24511 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •