
CVSS: 6.1 • EPSS: 5% • CPEs: 4 • EXPL: 0

14 Jun 2022 — Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. • https://launchpad.support.sap.com/#/notes/3197927 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.9 • EPSS: 92% • CPEs: 6 • EXPL: 1

15 Sep 2021 — Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability. Note: The impact of t... • https://github.com/redrays-io/CVE-2021-33690 • CWE-918: Server-Side Request Forgery (SSRF)