CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2019-0365
https://notcve.org/view.php?id=CVE-2019-0365
10 Sep 2019 — SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP Kernel (RFC), KRNL32NUC, KRNL32UC y KRNL64NUC versiones an... • https://launchpad.support.sap.com/#/notes/2786151 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-0271
https://notcve.org/view.php?id=CVE-2019-0271
12 Mar 2019 — ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below. El servidor ABA... • http://www.securityfocus.com/bid/107355 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-2441
https://notcve.org/view.php?id=CVE-2018-2441
14 Aug 2018 — Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. En ciertas condiciones, SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, ... • http://www.securityfocus.com/bid/105090 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2018-2433
https://notcve.org/view.php?id=CVE-2018-2433
10 Jul 2018 — SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. SAP Gateway (SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.53) permite que un atacante evite que usuarios legítimos... • https://launchpad.support.sap.com/#/notes/2597913 •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2018-2360
https://notcve.org/view.php?id=CVE-2018-2360
09 Jan 2018 — SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. SAP Startup Service y SAP KERNEL, en versiones 7.45, 7.49 y 7.52 no tienen comprobación de autenticación para funcionalidades que requieran la identidad del usuario y provoquen el consumo del almacenamiento del sistema de archivos. • http://www.securityfocus.com/bid/102448 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-16689
https://notcve.org/view.php?id=CVE-2017-16689
12 Dec 2017 — A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. Una conexión RFC fiable en SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL desde la versión 7.21... • http://www.securityfocus.com/bid/102144 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-16679
https://notcve.org/view.php?id=CVE-2017-16679
12 Dec 2017 — URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. Vulnerabilidad de redirección de URL en SAP Startup Service; SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.52, que permite que... • http://www.securityfocus.com/bid/102157 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •