14 matches found
CVE-2023-33987 Request smuggling and request concatenation in SAP Web Dispatcher
An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL...
CVE-2022-27668
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC...
CVE-2021-33665
SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49, 7.53, KERNEL - 7.49, 7.53, 7.77, 7.81, 7.84, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability...
Authorization
ABAP Server of SAP NetWeaver and ABAP Platform fails to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64N...
Design/Logic Flaw
The SAP Internet Graphics Service IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification...
CVE-2018-2395
Under certain conditions a malicious user may retrieve information on SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing images or corrupt other types of files...
CVE-2018-2388
Stored cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53...
CVE-2018-2383
Reflected cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53...
Cross-site request forgery (CSRF)
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file...
CVE-2018-2392
SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53 contain two XML External Entity Injection vulnerabilities (XXE) in the XMLCHART page (CVE-2018-2392 and CVE-2018-2393). The flaws arise from insufficient validation of the Extension HTML tag during POST requests to ge...
CVE-2018-2384
Under certain conditions a malicious user provoking a null pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services...
CVE-2018-2387
The CVE-2018-2387 entry describes a vulnerability in SAP Internet Graphics Server affecting versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The issue allows a malicious user to obtain information about open ports that should not be accessible, indicating an information disclosure risk. The connecte...
CVE-2018-2386
Under certain conditions a malicious user provoking an out-of-bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53...
CVE-2017-16679
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site...