CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-24740 – Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)
https://notcve.org/view.php?id=CVE-2024-24740
13 Feb 2024 — SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application. SAP NetWeaver Application Server (ABAP): versiones KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, bajo ciertas condiciones, permite a un a... • https://me.sap.com/notes/3360827 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2019-0365
https://notcve.org/view.php?id=CVE-2019-0365
10 Sep 2019 — SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP Kernel (RFC), KRNL32NUC, KRNL32UC y KRNL64NUC versiones an... • https://launchpad.support.sap.com/#/notes/2786151 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-0271
https://notcve.org/view.php?id=CVE-2019-0271
12 Mar 2019 — ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below. El servidor ABA... • http://www.securityfocus.com/bid/107355 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-2441
https://notcve.org/view.php?id=CVE-2018-2441
14 Aug 2018 — Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. En ciertas condiciones, SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, ... • http://www.securityfocus.com/bid/105090 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-2433
https://notcve.org/view.php?id=CVE-2018-2433
10 Jul 2018 — SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP Gateway (SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.53) permite que un atacante evite que usuarios legítimos... • https://launchpad.support.sap.com/#/notes/2597913 •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-2360
https://notcve.org/view.php?id=CVE-2018-2360
09 Jan 2018 — SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. SAP Startup Service y SAP KERNEL, en versiones 7.45, 7.49 y 7.52 no tienen comprobación de autenticación para funcionalidades que requieran la identidad del usuario y provoquen el consumo del almacenamiento del sistema de archivos. • http://www.securityfocus.com/bid/102448 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-16679
https://notcve.org/view.php?id=CVE-2017-16679
12 Dec 2017 — URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. Vulnerabilidad de redirección de URL en SAP Startup Service; SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.52, que permite que... • http://www.securityfocus.com/bid/102157 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-16689
https://notcve.org/view.php?id=CVE-2017-16689
12 Dec 2017 — A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. Una conexión RFC fiable en SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL desde la versión 7.21... • http://www.securityfocus.com/bid/102144 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5997
https://notcve.org/view.php?id=CVE-2017-5997
15 Feb 2017 — The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. El demonio de SAP Message Server HTTP en SAP KERNEL 7.21-7.49 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de proceso) a través de múltiples solicitudes msgserver/group?group= con un tamaño mani... • https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9595
https://notcve.org/view.php?id=CVE-2014-9595
15 Jan 2015 — Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. Desbordamiento de buffer en SAP NetWeaver Dispatcher en SAP Kernel 7.00 de 32 bits y 7.40 de 64 bits permite a usuarios remotos autenticados causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores no especif... • http://secunia.com/advisories/62150 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •