CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47592 – Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)
https://notcve.org/view.php?id=CVE-2024-47592
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability. • https://me.sap.com/notes/3393899 https://url.sap/sapsecuritypatchday • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-21491
https://notcve.org/view.php?id=CVE-2021-21491
SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. SAP Netweaver Application Server Java (Aplicaciones basadas en WebDynpro Java) versiones 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permiten a un atacante redireccionar a usuarios a un sitio malicioso debido a vulnerabilidades de Reverse Tabnabbing • https://launchpad.support.sap.com/#/notes/2976947 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6263
https://notcve.org/view.php?id=CVE-2020-6263
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass. Los clientes dedicados que se conectan a SAP NetWeaver AS Java por medio del protocolo P4, versiones (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11 , 7.20, 7.30, 7.31, 7.40, 7.50), no realiza ninguna comprobación de autenticación para las operaciones que requieren identidad del usuario conllevando a una Omisión de Autenticación • https://launchpad.support.sap.com/#/notes/2878568 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0389
https://notcve.org/view.php?id=CVE-2019-0389
An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), may change privileges for all or some functions in Java Server, and enable users to execute functions, they are not allowed to execute otherwise. Un administrador de SAP NetWeaver Application Server Java (J2EE-Framework), (corregido en las versiones 7.1, 7.2, 7.3, 7.31, 7.4, 7.5), puede cambiar los privilegios para todas o algunas funciones en Java Server, y permitir a usuarios ejecutar funciones, que no son permitidas ejecutar de otro modo. • https://launchpad.support.sap.com/#/notes/2814357 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14581
https://notcve.org/view.php?id=CVE-2017-14581
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. El servicio web Host Control en SAP NetWeaver AS JAVA en sus versiones 7.0 a 7.5 permite que los atacantes remotos provoquen una denegación de servicio (cierre inesperado del servicio) mediante una petición manipulada. Esto también se conoce como SAP Security Note 2389181. • https://erpscan.io/advisories/erpscan-17-030-sap-hostcontrol-remote-dos •