CVE-2016-10005 – SAP Solman 7.31 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-10005
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. SAP Solman versions 7.1 through 7.31 suffer from an information disclosure vulnerability.
• http://packetstormsecurity.com/files/140232/SAP-Solman-7.31-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2016/Dec/69
• http://www.securityfocus.com/bid/92949
• https://erpscan.io/advisories/erpscan-16-035-sap-solman-user-accounts-dislosure
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-5175
https://notcve.org/view.php?id=CVE-2014-5175
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
• http://scn.sap.com/docs/DOC-8218
• http://seclists.org/fulldisclosure/2014/Jul/151
• http://secunia.com/advisories/59548
• http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-023
• http://www.securityfocus.com/bid/68949
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94932
• https://service.sap.com/sap/support/notes/1778940
• CWE-287: Improper Authentication
CVE-2014-1960
https://notcve.org/view.php?id=CVE-2014-1960
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.
• http://scn.sap.com/docs/DOC-8218
• http://secunia.com/advisories/56942
• https://erpscan.io/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91093
• https://service.sap.com/sap/support/notes/1828885
• CWE-264: Permissions, Privileges, and Access Controls