1284 matches found
CVE-2019-0271
ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity XEE vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...
CVE-2019-0271
CVE-2019-0271 affects ABAP Server (NetWeaver/Suite/ERP) and ABAP Platform. The vulnerability is an XML External Entity (XEE) issue caused by insufficient validation of XML documents from untrusted sources, enabling potential manipulation via external entities. Affected ranges: ABAP Server 7.00–7....
CVE-2019-0257
Customizing functionality of SAP NetWeaver AS ABAP Platform fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...
CVE-2019-0265
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...
CVE-2019-0257
Customizing functionality of SAP NetWeaver AS ABAP Platform fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...
CVE-2019-0265
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...
CVE-2019-0255
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The...
Design/Logic Flaw
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...
Design/Logic Flaw
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The...
CVE-2019-0265
CVE-2019-0265 affects SAP ABAP Platform SLD registration, enabling DoS by crashing or flooding the service. Affected kernel components include KRNL32NUC/UC and KRNL64NUC/UC with various 7.21–7.22/7.49 streams; 7.73 kernel also addressed for multiple upgrades (7.21–7.22, 7.45, 7.49, 7.53, 7.73, 7....
CVE-2019-0257
The CVE affects SAP NetWeaver AS ABAP Platform. The issue is in the customization functionality that does not perform necessary authorization checks for an authenticated user, enabling escalation of privileges. Affected versions include: 7.0–7.02; 7.10–7.11; 7.30; 7.31; 7.40; 7.50–7.53; and 7.74–...
CVE-2019-0255
The CVE-2019-0255 entry pertains to SAP NetWeaver AS ABAP Platform (Krnl64nuc 7.74, krnl64UC 7.73–7.75, Kernel 7.73–7.75). The vulnerability arises from failing to validate the installation type for an ABAP Server system, which could allow a user to access the full SAP Easy Access Menu and potent...
CVE-2019-0255
SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The...
CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server fixed in SAPGWFND 7.5, 7.51, 7.52, 7.53; SAPBASIS 7.5 allows an attacker to access information which would otherwise be restricted...
CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server fixed in SAPGWFND 7.5, 7.51, 7.52, 7.53; SAPBASIS 7.5 allows an attacker to access information which would otherwise be restricted...
CVE-2019-0248
Summary: CVE-2019-0248 affects the SAP Gateway of the ABAP Application Server, causing information disclosure under certain conditions. The issue is addressed in SAP_GWFND versions 7.5, 7.51, 7.52, 7.53 and SAP_BASIS 7.5. Affected component: SAP Gateway in the ABAP Application Server. Root cause/...
CVE-2018-2494
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform...
CVE-2018-2494
The CVE-2018-2494 entry concerns privilege escalation due to insufficient authorization checks for an authenticated user in SAP NetWeaver SAP Basis AS ABAP. Connected sources confirm the affected software as SAP NetWeaver 700–750, with the fix delivered from version 750 onward as ABAP Platform. I...
CVE-2018-2494
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform...
CVE-2018-2481
In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...