Lucene search
+L

1284 matches found

Cvelist
Cvelist
added 2019/03/12 10:0 p.m.24 views

CVE-2019-0271

ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity XEE vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...

6.5AI score0.01435EPSS
Exploits0References5
CVE
CVE
added 2019/03/12 10:0 p.m.57 views

CVE-2019-0271

CVE-2019-0271 affects ABAP Server (NetWeaver/Suite/ERP) and ABAP Platform. The vulnerability is an XML External Entity (XEE) issue caused by insufficient validation of XML documents from untrusted sources, enabling potential manipulation via external entities. Affected ranges: ABAP Server 7.00–7....

6.5CVSS6.5AI score0.01435EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2019/02/15 6:29 p.m.3 views

CVE-2019-0257

Customizing functionality of SAP NetWeaver AS ABAP Platform fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...

8.8CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2019/02/15 6:29 p.m.20 views

CVE-2019-0265

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...

4.9CVSS5.1AI score0.02054EPSS
Exploits0References4
NVD
NVD
added 2019/02/15 6:29 p.m.24 views

CVE-2019-0257

Customizing functionality of SAP NetWeaver AS ABAP Platform fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...

8.8CVSS8.9AI score0.0139EPSS
Exploits0References3
OSV
OSV
added 2019/02/15 6:29 p.m.6 views

CVE-2019-0265

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...

4.9CVSS5.8AI score0.02054EPSS
Exploits0References4
NVD
NVD
added 2019/02/15 6:29 p.m.16 views

CVE-2019-0255

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The...

8.1CVSS8.1AI score0.01653EPSS
Exploits0References3
Prion
Prion
added 2019/02/15 6:29 p.m.21 views

Design/Logic Flaw

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...

4CVSS5.1AI score0.02054EPSS
Exploits0References4Affected Software5
Prion
Prion
added 2019/02/15 6:29 p.m.15 views

Design/Logic Flaw

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The...

5.5CVSS8.1AI score0.01653EPSS
Exploits0References3Affected Software3
CVE
CVE
added 2019/02/15 6:0 p.m.70 views

CVE-2019-0265

CVE-2019-0265 affects SAP ABAP Platform SLD registration, enabling DoS by crashing or flooding the service. Affected kernel components include KRNL32NUC/UC and KRNL64NUC/UC with various 7.21–7.22/7.49 streams; 7.73 kernel also addressed for multiple upgrades (7.21–7.22, 7.45, 7.49, 7.53, 7.73, 7....

4.9CVSS5.1AI score0.02054EPSS
Exploits0References4Affected Software5
CVE
CVE
added 2019/02/15 6:0 p.m.71 views

CVE-2019-0257

The CVE affects SAP NetWeaver AS ABAP Platform. The issue is in the customization functionality that does not perform necessary authorization checks for an authenticated user, enabling escalation of privileges. Affected versions include: 7.0–7.02; 7.10–7.11; 7.30; 7.31; 7.40; 7.50–7.53; and 7.74–...

8.8CVSS8.7AI score0.0139EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2019/02/15 6:0 p.m.56 views

CVE-2019-0255

The CVE-2019-0255 entry pertains to SAP NetWeaver AS ABAP Platform (Krnl64nuc 7.74, krnl64UC 7.73–7.75, Kernel 7.73–7.75). The vulnerability arises from failing to validate the installation type for an ABAP Server system, which could allow a user to access the full SAP Easy Access Menu and potent...

8.1CVSS8AI score0.01653EPSS
Exploits0References3Affected Software3
Cvelist
Cvelist
added 2019/02/15 6:0 p.m.17 views

CVE-2019-0255

SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails to validate type of installation for an ABAP Server system correctly. That behavior may lead to situation, where business user achieves access to the full SAP Menu, that is 'Easy Access Menu'. The...

8.2AI score0.01653EPSS
Exploits0References3
OSV
OSV
added 2019/01/08 8:29 p.m.5 views

CVE-2019-0248

Under certain conditions SAP Gateway of ABAP Application Server fixed in SAPGWFND 7.5, 7.51, 7.52, 7.53; SAPBASIS 7.5 allows an attacker to access information which would otherwise be restricted...

5.9CVSS5.8AI score0.01564EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/01/08 8:0 p.m.20 views

CVE-2019-0248

Under certain conditions SAP Gateway of ABAP Application Server fixed in SAPGWFND 7.5, 7.51, 7.52, 7.53; SAPBASIS 7.5 allows an attacker to access information which would otherwise be restricted...

5.6AI score0.01564EPSS
Exploits0References3
CVE
CVE
added 2019/01/08 8:0 p.m.65 views

CVE-2019-0248

Summary: CVE-2019-0248 affects the SAP Gateway of the ABAP Application Server, causing information disclosure under certain conditions. The issue is addressed in SAP_GWFND versions 7.5, 7.51, 7.52, 7.53 and SAP_BASIS 7.5. Affected component: SAP Gateway in the ABAP Application Server. Root cause/...

5.9CVSS5.5AI score0.01564EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/12/11 11:0 p.m.18 views

CVE-2018-2494

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform...

8.2AI score0.00758EPSS
Exploits0References2
CVE
CVE
added 2018/12/11 11:0 p.m.54 views

CVE-2018-2494

The CVE-2018-2494 entry concerns privilege escalation due to insufficient authorization checks for an authenticated user in SAP NetWeaver SAP Basis AS ABAP. Connected sources confirm the affected software as SAP NetWeaver 700–750, with the fix delivered from version 750 onward as ABAP Platform. I...

8CVSS8AI score0.00758EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/12/11 10:29 p.m.19 views

CVE-2018-2494

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform...

8CVSS8.1AI score0.00758EPSS
Exploits0References2
OSV
OSV
added 2018/11/13 8:29 p.m.5 views

CVE-2018-2481

In some SAP standard roles, in SAPABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality...

7.2CVSS5.8AI score0.01457EPSS
Exploits0References3
Rows per page
Query Builder