Page 7 of 62 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected. SAP NetWeaver Application Server for ABAP (Kernel) y ABAP Platform (Kernel) - versiones KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, no comprueba suficientemente la información de sap-passport, lo que podría conllevar un ataque de Denegación de Servicio. Esto permite a un usuario remoto no autorizado provocar un bloqueo del proceso de trabajo del SAP Web Dispatcher o del Kernel. • https://launchpad.support.sap.com/#/notes/3116223 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.9EPSS: 0%CPEs: 15EXPL: 0

A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756. Un usuario con altos privilegios que tenga acceso a la transacción SM59 puede leer los detalles de conexión almacenados con el destino de las llamadas http en SAP NetWeaver Application Server ABAP y ABAP Platform - versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 • https://launchpad.support.sap.com/#/notes/3128473 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. SAP NetWeaver AS ABAP (Workplace Server) - versiones 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, permite a un atacante ejecutar consultas a la base de datos diseñadas, que podrían exponer la base de datos del backend. Los ataques con éxito podrían resultar en una revelación de una tabla de contenidos del sistema, pero no se presenta riesgo de modificación posible • https://launchpad.support.sap.com/#/notes/3140587 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible. En SAP NetWeaver AS for ABAP y ABAP Platform - versiones 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, un atacante autenticado como usuario normal puede usar el cuadro de mandos de S/4 Hana para revelar sistemas y servicios que normalmente no se le permitiría ver. No es posible la alteración de la información ni la denegación de servicio • https://launchpad.support.sap.com/#/notes/3112710 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035 •

CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system. Dos métodos de una clase de utilidad en SAP NetWeaver AS ABAP - versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, permiten a un atacante con altos privilegios y que tenga acceso directo al sistema SAP, inyectar código cuando es ejecutado con un determinado constructor de clases de transacción. Esto podría permitir la ejecución de comandos arbitrarios en el sistema operativo, que podrían impactar altamente la Confidencialidad, Integridad y Disponibilidad del sistema • https://launchpad.support.sap.com/#/notes/3123196 https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •