CVSS: 6.3EPSS: 0%CPEs: 13EXPL: 0CVE-2024-33005 – Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server
https://notcve.org/view.php?id=CVE-2024-33005
13 Aug 2024 — Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications. Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and J... • https://me.sap.com/notes/3438085 • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-30218 – Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-30218
09 Apr 2024 — The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. El servidor de aplicaciones ABAP de SAP NetWeaver, así como la plataforma ABAP, permiten a un atacante impedir que usuarios legítimos accedan a un servicio, ya sea bloqueando o inundando el servicio. Esto tiene un impacto considerable en la disponibilidad. The ABAP Applic... • https://me.sap.com/notes/3359778 • CWE-400: Uncontrolled Resource Consumption CWE-605: Multiple Binds to the Same Port •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-24740 – Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)
https://notcve.org/view.php?id=CVE-2024-24740
13 Feb 2024 — SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application. SAP NetWeaver Application Server (ABAP): versiones KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, bajo ciertas condiciones, permite a un a... • https://me.sap.com/notes/3360827 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2023-41366 – Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2023-41366
14 Nov 2023 — Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the applicati... • https://me.sap.com/notes/3362849 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 47EXPL: 0CVE-2023-40309 – Missing Authorization check in SAP CommonCryptoLib
https://notcve.org/view.php?id=CVE-2023-40309
12 Sep 2023 — SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. SAP CommonCryptoLib no realiza las comprobaciones de autenticación necesarias, lo que puede dar como resultado comprobacione... • https://me.sap.com/notes/3340576 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 47EXPL: 0CVE-2023-40308 – Memory Corruption vulnerability in SAP CommonCryptoLib
https://notcve.org/view.php?id=CVE-2023-40308
12 Sep 2023 — SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information. SAP CommonCryptoLib permite que un atacante no autenticado cree una solicitud que, cuando se envía a un puerto abierto, provoca un error de corrupción de memoria en una librería, lo que a su vez provoca que el componente de t... • https://me.sap.com/notes/3327896 • CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 7.4EPSS: 0%CPEs: 14EXPL: 0CVE-2023-35874 – Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2023-35874
11 Jul 2023 — SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentialit... • https://me.sap.com/notes/3318850 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0CVE-2023-27499 – Cross-Site Scripting (XSS) vulnerability in SAP GUI for HTML
https://notcve.org/view.php?id=CVE-2023-27499
11 Apr 2023 — SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker. • https://launchpad.support.sap.com/#/notes/3275458 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 27EXPL: 0CVE-2023-0014 – Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2023-0014
10 Jan 2023 — SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system. • https://launchpad.support.sap.com/#/notes/3089413 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-39799
https://notcve.org/view.php?id=CVE-2022-39799
13 Sep 2022 — An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user. Un atacante sin autenticación previa podría diseñar y enviar un script malicioso a la Interfaz Gráfica de Usuario de SAP para HTML dentro de Fiori Launchpad, resultando en un ataque de tipo cross-site scripting. Esto podría conllevar a un robo de infor... • https://launchpad.support.sap.com/#/notes/3229820 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •