CVE-2020-6307
https://notcve.org/view.php?id=CVE-2020-6307
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. Automated Note Search Tool (actualización proporcionada en SAP Basis versiones 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 y 7.54), no realiza suficientes comprobaciones de autorización conllevando a la lectura de información confidencial. • https://launchpad.support.sap.com/#/notes/2863397 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771 • CWE-863: Incorrect Authorization •
CVE-2018-2478
https://notcve.org/view.php?id=CVE-2018-2478
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user. Un atacante puede emplear entradas especialmente manipuladas para ejecutar comandos en el host de una instalación TREX/BWA, SAP Basis, en versiones 7.0 a 7.02, 7.10 a 7.11, 7.30, 7.31, 7.40 y 7.50 a 7.53. No todos los comandos son posibles, solo aquellos que puedan ser ejecutados por el usuario adm. • http://www.securityfocus.com/bid/105904 https://launchpad.support.sap.com/#/notes/2675696 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832 •
CVE-2013-3063
https://notcve.org/view.php?id=CVE-2013-3063
SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. SAP BASIS Communication Services v4.6B través de v7.30 permite a los usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0179.html http://scn.sap.com/docs/DOC-8218 http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/39-remote-code-execution-in-sap-connect-communication-services https://service.sap.com/sap/support/notes/1674132 •