CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-22124 – Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager
https://notcve.org/view.php?id=CVE-2024-22124
Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality. Bajo ciertas condiciones, Internet Communication Manager (ICM) o SAP Web Dispatcher - versiones KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT , WEBDISP 7.53, WEBDISP 7.54, podrían permitir que un atacante acceda a información que de otro modo estaría restringida y causaría un alto impacto en la confidencialidad. • https://me.sap.com/notes/3392626 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28772
https://notcve.org/view.php?id=CVE-2022-28772
By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service. Mediante valores de entrada demasiado largos, un atacante puede forzar la sobreescritura de la pila interna del programa en SAP Web Dispatcher - versiones 7.53, 7.77, 7.81, 7.85, 7.86, o Internet Communication Manager - versiones KRNL64NUC 7. 22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, lo que hace que estos programas no estén disponibles, conllevando a una denegación de servicio • https://launchpad.support.sap.com/#/notes/3111311 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28773
https://notcve.org/view.php?id=CVE-2022-28773
Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically. Debido a una recursión no controlada en SAP Web Dispatcher y SAP Internet Communication Manager, la aplicación puede bloquearse, conllevando a una denegación de servicio, pero puede reiniciarse automáticamente • https://launchpad.support.sap.com/#/notes/3111293 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-674: Uncontrolled Recursion •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2019-0248
https://notcve.org/view.php?id=CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP Gateway of ABAP Application Server (solucionado en SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106471 https://launchpad.support.sap.com/#/notes/2723142 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2470
https://notcve.org/view.php?id=CVE-2018-2470
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. En SAP NetWeaver Application Server for ABAP desde la versión 7.0 hasta la 7.02, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.53, las aplicaciones no cifran lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105551 https://launchpad.support.sap.com/#/notes/2684760 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=500633095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •