Lucene search
+L

58 matches found

CVE
CVE
added 2020/09/09 1:10 p.m.58 views

CVE-2020-6324

The CVE-2020-6324 entry affects SAP NetWeaver AS ABAP (BSP Test Application sbspext_table) across SAP NetWeaver ABAP versions 700–755. The vulnerability is a Reflected Cross-Site Scripting issue triggered by an unauthenticated user sending a polluted URL; when the victim clicks, the attacker can ...

6.1CVSS6.1AI score0.00895EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/06/10 1:15 p.m.33 views

CVE-2020-6270

SAP NetWeaver AS ABAP Banking Services, versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...

6.5CVSS0.00804EPSS
Exploits0References2
Prion
Prion
added 2020/06/10 1:15 p.m.20 views

Authorization

SAP NetWeaver AS ABAP Banking Services, versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user...

4CVSS6.4AI score0.00804EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/06/10 12:34 p.m.45 views

CVE-2020-6246

CVE-2020-6246 affects SAP NetWeaver AS ABAP Business Server Pages SBSPEXT_TABLE (versions 700–754). It is a reflected XSS due to insufficient encoding of user-controlled inputs in SBSPEXT_TABLE, as documented by SAP/Red Hat and NVD references. Impacts: low confidentiality and integrity (per CVSS ...

6.1CVSS5.9AI score0.00654EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/05/12 12:0 a.m.6 views

PT-2020-19036 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP Web Dynpro ABAP versions SAP UI 750, 752, 753, 754 and SAP BASIS 700, 710, 730, 731, 804 Description: The issue allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing ...

7.5CVSS5.5AI score0.01386EPSS
Exploits0References4
OSV
OSV
added 2020/04/14 8:15 p.m.7 views

CVE-2020-6217

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS6.3AI score0.00654EPSS
Exploits0References2
CVE
CVE
added 2020/04/14 12:0 a.m.87 views

CVE-2020-6215

CVE-2020-6215 affects SAP NetWeaver AS ABAP with the BSP Test Application IT00. The issue is an open URL redirection caused by insufficient input/URL validation, enabling attackers to redirect users to a malicious site and potentially steal credentials. Affected versions cover SAP NetWeaver ABAP ...

6.1CVSS6.1AI score0.01513EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2020/03/10 8:20 p.m.83 views

CVE-2020-6205

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms) is affected across SAP BASIS versions 7.00–7.54 due to insufficient encoding of user-controlled inputs, enabling unauthenticated users to perform a Reflected Cross-Site Scripting (XSS) that can deface content, steal user credentials, imper...

6.1CVSS6.2AI score0.00749EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/02/15 6:29 p.m.24 views

CVE-2019-0257

Customizing functionality of SAP NetWeaver AS ABAP Platform fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...

8.8CVSS8.9AI score0.0139EPSS
Exploits0References3
CVE
CVE
added 2019/02/15 6:0 p.m.72 views

CVE-2019-0257

The CVE affects SAP NetWeaver AS ABAP Platform. The issue is in the customization functionality that does not perform necessary authorization checks for an authenticated user, enabling escalation of privileges. Affected versions include: 7.0–7.02; 7.10–7.11; 7.30; 7.31; 7.40; 7.50–7.53; and 7.74–...

8.8CVSS8.7AI score0.0139EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2018/12/11 11:0 p.m.54 views

CVE-2018-2494

The CVE-2018-2494 entry concerns privilege escalation due to insufficient authorization checks for an authenticated user in SAP NetWeaver SAP Basis AS ABAP. Connected sources confirm the affected software as SAP NetWeaver 700–750, with the fix delivered from version 750 onward as ABAP Platform. I...

8CVSS8AI score0.00758EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/12/11 11:0 p.m.19 views

CVE-2018-2494

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform...

8.2AI score0.00758EPSS
Exploits0References2
Prion
Prion
added 2017/07/12 4:29 p.m.25 views

Design/Logic Flaw

SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service process crash via vectors involving disp+work.exe, aka SAP Security Note 2406841...

4CVSS6.6AI score0.02255EPSS
Exploits1References2Affected Software1
erpscan
erpscan
added 2016/01/02 12:0 a.m.18 views

Potential backdoor via hardcoded system ID

Application: SAP NetWeaver AS ABAP Vendor URL: http://sap.com Bugs: Hardcoded credentials Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 10.05.2016 Reference: SAP Security Note 2292487 Author: Vahagn VardanyanERPScan VULNERABILITY INFORMATION Class: Hardcoded credential...

0.3AI score
Exploits0
NVD
NVD
added 2015/01/22 4:59 p.m.25 views

CVE-2015-1309

XML external entity vulnerability in the Extended Computer Aided Test Tool eCATT in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATTDISPLAYXMLSTRINGREMOTE, aka SAP Note 2016638...

5CVSS6.7AI score0.02228EPSS
Exploits0References3
CVE
CVE
added 2015/01/22 4:0 p.m.57 views

CVE-2015-1309

The CVE-2015-1309 entry describes an XML External Entity (XXE) vulnerability in SAP NetWeaver AS ABAP, affecting the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier. The root cause is and was exposure to crafted XML requests that leverage ECATT_DISPLAY_XMLSTRIN...

5CVSS6.9AI score0.02228EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2014/10/16 7:0 p.m.59 views

CVE-2014-8312

CVE-2014-8312 affects SAP NetWeaver AS ABAP 7.31 (Business Warehouse BW). The vulnerability is caused by the RSDU_CCMS_GET_PROFILE_PARAM RFC function, where remote authenticated users can obtain sensitive information due to insufficient access control. Affected component is SAP NetWeaver ABAP, ve...

3.5CVSS5.9AI score0.02103EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2013/11/20 2:12 p.m.20 views

CVE-2013-6815

The SHSTIUPLOADXML function in the Application Server for ABAP AS ABAP in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity XXE issue...

5CVSS6.7AI score0.0169EPSS
Exploits0References4
Rows per page
Query Builder