58 matches found
CVE-2020-6324
The CVE-2020-6324 entry affects SAP NetWeaver AS ABAP (BSP Test Application sbspext_table) across SAP NetWeaver ABAP versions 700–755. The vulnerability is a Reflected Cross-Site Scripting issue triggered by an unauthenticated user sending a polluted URL; when the victim clicks, the attacker can ...
CVE-2020-6270
SAP NetWeaver AS ABAP Banking Services, versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...
Authorization
SAP NetWeaver AS ABAP Banking Services, versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...
CVE-2020-6246
CVE-2020-6246 affects SAP NetWeaver AS ABAP Business Server Pages SBSPEXT_TABLE (versions 700–754). It is a reflected XSS due to insufficient encoding of user-controlled inputs in SBSPEXT_TABLE, as documented by SAP/Red Hat and NVD references. Impacts: low confidentiality and integrity (per CVSS ...
PT-2020-19036 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP Web Dynpro ABAP versions SAP UI 750, 752, 753, 754 and SAP BASIS 700, 710, 730, 731, 804 Description: The issue allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing ...
CVE-2020-6217
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...
CVE-2020-6215
CVE-2020-6215 affects SAP NetWeaver AS ABAP with the BSP Test Application IT00. The issue is an open URL redirection caused by insufficient input/URL validation, enabling attackers to redirect users to a malicious site and potentially steal credentials. Affected versions cover SAP NetWeaver ABAP ...
CVE-2020-6205
SAP NetWeaver AS ABAP Business Server Pages (Smart Forms) is affected across SAP BASIS versions 7.00–7.54 due to insufficient encoding of user-controlled inputs, enabling unauthenticated users to perform a Reflected Cross-Site Scripting (XSS) that can deface content, steal user credentials, imper...
CVE-2019-0257
Customizing functionality of SAP NetWeaver AS ABAP Platform fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...
CVE-2019-0257
The CVE affects SAP NetWeaver AS ABAP Platform. The issue is in the customization functionality that does not perform necessary authorization checks for an authenticated user, enabling escalation of privileges. Affected versions include: 7.0–7.02; 7.10–7.11; 7.30; 7.31; 7.40; 7.50–7.53; and 7.74–...
CVE-2018-2494
The CVE-2018-2494 entry concerns privilege escalation due to insufficient authorization checks for an authenticated user in SAP NetWeaver SAP Basis AS ABAP. Connected sources confirm the affected software as SAP NetWeaver 700–750, with the fix delivered from version 750 onward as ABAP Platform. I...
CVE-2018-2494
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform...
Design/Logic Flaw
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...
Potential backdoor via hardcoded system ID
Application: SAP NetWeaver AS ABAP Vendor URL: http://sap.com Bugs: Hardcoded credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Reference: SAP Security Note 2292487 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: Hardcoded credential...
CVE-2015-1309
XML external entity vulnerability in the Extended Computer Aided Test Tool eCATT in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATTDISPLAYXMLSTRINGREMOTE, aka SAP Note 2016638...
CVE-2015-1309
The CVE-2015-1309 entry describes an XML External Entity (XXE) vulnerability in SAP NetWeaver AS ABAP, affecting the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier. The root cause is and was exposure to crafted XML requests that leverage ECATT_DISPLAY_XMLSTRIN...
CVE-2014-8312
CVE-2014-8312 affects SAP NetWeaver AS ABAP 7.31 (Business Warehouse BW). The vulnerability is caused by the RSDU_CCMS_GET_PROFILE_PARAM RFC function, where remote authenticated users can obtain sensitive information due to insufficient access control. Affected component is SAP NetWeaver ABAP, ve...
CVE-2013-6815
The SHSTIUPLOADXML function in the Application Server for ABAP AS ABAP in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity XXE issue...