CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2019-0349
https://notcve.org/view.php?id=CVE-2019-0349
SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to statement” without possessing the authorization S_DEVELOP DEBUG 02, resulting in Missing Authorization Check Kernel de SAP (ABAP Debugger), versiones KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT , 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, le permite al usuario ejecutar "GO to statement" sin poseer la autorización S_DEVELOP DEBUG 02, lo que resulta en la falta de verificación de autorización • https://launchpad.support.sap.com/#/notes/2798743 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2019-0304
https://notcve.org/view.php?id=CVE-2019-0304
FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application. La función FTP de SAP NetWeaver AS ABAP Platform, versiones- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22EXT, 7.49, KRNL6464 7.21 EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, permite a un atacante inyectar un código o un comando específicamente manipulado que puede ser ejecutado por la aplicación. Por lo tanto, un atacante podría de este modo controlar el comportamiento de la aplicación. • https://launchpad.support.sap.com/#/notes/2719530 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2019-0270
https://notcve.org/view.php?id=CVE-2019-0270
ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04. El servidor ABAP de SAP NetWeaver y ABAP Platform no realiza correctamente las comprobaciones de autorización necesarias para un usuario autenticado, lo que resulta en un escalado de privilegios. Esto se ha solucionado en las siguientes versiones: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75 y 8.04. • http://www.securityfocus.com/bid/107377 https://launchpad.support.sap.com/#/notes/2727689 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 • CWE-862: Missing Authorization •
CVSS: 4.9EPSS: 1%CPEs: 25EXPL: 0CVE-2019-0265
https://notcve.org/view.php?id=CVE-2019-0265
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73 KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, 7.75. El registro SLD de ABAP Platform permite que un atacante evite que usuarios legítimos accedan a un servicio, ya sea cerrando o inundando el mismo. Se ha solucionado en las versiones KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49,KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT y 7.49. 7.73 KERNEL desde la 7.21 hasta la 7.22, 7.45, 7.49, 7.53, 7.73 y 7.75. • http://www.securityfocus.com/bid/106972 http://www.securityfocus.com/bid/107364 https://launchpad.support.sap.com/#/notes/2729710 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 • CWE-611: Improper Restriction of XML External Entity Reference •