
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

SAP NetWeaver AS Java for Deploy Service, version 7.5, does not perform any access control checks for functionalities that require user identity. This enables an unauthenticated attacker to attach to an open interface and use an open naming and directory API to access a service through which they can access, but not modify, server settings and data, with no effect on availability and integrity.
• https://launchpad.support.sap.com/#/notes/3287784
• https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
• CWE-306: Missing Authentication for Critical Function

CVSS: 5.8 • EPSS: 0% • CPEs: 9 • EXPL: 0

Under some circumstances the SAML SSO implementation in SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740) and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754) allows an attacker to include unvalidated data in the HTTP response header sent to a Web user, leading to an HTTP Response Splitting vulnerability.
• https://launchpad.support.sap.com/#/notes/2880744
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework) (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) may change privileges for all or some functions in Java Server, and enable users to execute functions they are not otherwise allowed to execute.
• https://launchpad.support.sap.com/#/notes/2814357
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390

CVSS: 9.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker to execute OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.
• http://www.securityfocus.com/bid/109067
• https://launchpad.support.sap.com/#/notes/2774489
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

ABAP Server and ABAP Platform (SAP Basis), versions 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
• http://www.securityfocus.com/bid/109078
• https://launchpad.support.sap.com/#/notes/2773888
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')