Page 7 of 53 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. SAP NetWeaver Application Server for ABAP y ABAP Platform no llevan a cabo las comprobaciones de autorización necesarias para un usuario autenticado, resultando en una escalada de privilegios • https://launchpad.support.sap.com/#/notes/3165801 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-862: Missing Authorization •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. Debido a una falta de comprobación de la autorización, SAP NetWeaver Application Server for ABAP - versiones 700, 701, 702, 731, permite a un atacante autenticado, acceder al contenido de la pantalla de inicio de cualquier transacción que esté disponible con en el mismo sistema SAP, incluso si él / ella no está autorizado para esa transacción. Una explotación con éxito podría exponer información y, en el peor de los casos, manipular datos antes de que sea ejecutada la pantalla de inicio, lo que tendría un impacto limitado en la confidencialidad e integridad de la aplicación • https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10 https://launchpad.support.sap.com/#/notes/3145997 • CWE-862: Missing Authorization •

CVSS: 10.0EPSS: 95%CPEs: 26EXPL: 2

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 y SAP Web Dispatcher son vulnerables para el contrabando de peticiones y la concatenación de peticiones. • https://github.com/antx-code/CVE-2022-22536 https://github.com/tess-ss/SAP-memory-pipes-desynchronization-vulnerability-MPI-CVE-2022-22536 https://launchpad.support.sap.com/#/notes/3123396 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. SAP NetWeaver AS ABAP (Workplace Server) - versiones 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, permite a un atacante ejecutar consultas a la base de datos diseñadas, que podrían exponer la base de datos del backend. Los ataques con éxito podrían resultar en una revelación de una tabla de contenidos del sistema, pero no se presenta riesgo de modificación posible • https://launchpad.support.sap.com/#/notes/3140587 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0

Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system. Dos métodos de una clase de utilidad en SAP NetWeaver AS ABAP - versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, permiten a un atacante con altos privilegios y que tenga acceso directo al sistema SAP, inyectar código cuando es ejecutado con un determinado constructor de clases de transacción. Esto podría permitir la ejecución de comandos arbitrarios en el sistema operativo, que podrían impactar altamente la Confidencialidad, Integridad y Disponibilidad del sistema • https://launchpad.support.sap.com/#/notes/3123196 https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •