CVE-2019-0275
https://notcve.org/view.php?id=CVE-2019-0275
SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50, does not sufficiently encode user-controlled inputs, which results in cross-site scripting (XSS) vulnerability. SAML 1.1 SSO Demo Application en SAP NetWeaCVEr Java Application SerCVEr (J2EE-APPS), desde la CVErsión 7.10 hasta la 7.11 y en CVErsiones 7.20, 7.30, 7.31, 7.40 y 7.50, no codifica suficientemente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/107362 https://launchpad.support.sap.com/#/notes/2689925 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2504
https://notcve.org/view.php?id=CVE-2018-2504
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. El servicio Java Web Container, de SAP NetWeaver AS, no valida contra una lista blanca la cabecera HTTP del host, lo que puede resultar en una vulnerabilidad de manipulación de la cabecera HTTP del host o de Cross-Site Scripting (XSS). La vulnerabilidad se ha solucionado en las versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50. • http://www.securityfocus.com/bid/106150 https://launchpad.support.sap.com/#/notes/2718993 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2503
https://notcve.org/view.php?id=CVE-2018-2503
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). Por defecto, el almacén de claves Java de SAP NetWeaver AS no restringe lo suficiente el acceso a recursos que deberían estar protegidos. Esto ha sido solucionado en SAP NetWeaver AS Java (ServerCore en versiones 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50). • http://www.securityfocus.com/bid/106156 https://launchpad.support.sap.com/#/notes/2658279 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-862: Missing Authorization •
CVE-2018-2492
https://notcve.org/view.php?id=CVE-2018-2492
SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. La funcionalidad de SAML 2.0 en SAP NetWeaver AS Java no valida lo suficiente los documentos XML recibidos de una fuente no fiable. La vulnerabilidad se ha solucionado en las versiones 7.2, 7.30, 7.31, 7.40 y 7.50. • http://www.securityfocus.com/bid/106153 https://launchpad.support.sap.com/#/notes/2642680 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-2452
https://notcve.org/view.php?id=CVE-2018-2452
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. La aplicación de inicio de sesión de SAP NetWeaver AS Java desde la versión 7.10 hasta la 7.11, 7.20, 7.30, 7.31, 7.40 y 7.50, no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105325 https://launchpad.support.sap.com/#/notes/2623846 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •