Lucene search
K

190 matches found

Cvelist
Cvelist
added 2020/01/14 5:52 p.m.29 views

CVE-2020-6307

Automated Note Search Tool update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54 does not perform sufficient authorization checks leading to the reading of sensitive information...

4.3CVSS4.7AI score0.00723EPSS
Exploits0References2
CVE
CVE
added 2020/01/14 5:52 p.m.53 views

CVE-2020-6307

The CVE-2020-6307 issue affects SAP Basis Automated Note Search Tool across SAP Basis versions 7.00 to 7.54, where insufficient authorization checks allow reading of sensitive information. Multiple connected sources (Red Hat advisory, NVD entry, vendor notes, and Symantec writeup) corroborate an ...

4.3CVSS4.6AI score0.00723EPSS
Exploits0References2Affected Software1
Symantec
Symantec
added 2020/01/14 12:0 a.m.75 views

SAP Basis Automated Note Search Tool CVE-2020-6307 Remote Authorization Bypass Vulnerability

Description SAP Basis is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Technologies Affected SAP Automated Note Search Tool SAP Basis 7.00 SAP Basis 7.01 SAP Basis 7.0...

0.8AI score0.00723EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/07/10 8:15 p.m.4 views

CVE-2019-0328

ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...

7.2CVSS7.2AI score0.03422EPSS
Exploits0References3
Prion
Prion
added 2019/07/10 8:15 p.m.25 views

Code injection

ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...

9CVSS7.1AI score0.03422EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/07/10 7:15 p.m.4 views

CVE-2019-0321

ABAP Server and ABAP Platform SAP Basis, versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6.3AI score0.01337EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/07/10 7:10 p.m.29 views

CVE-2019-0328

ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...

7.1AI score0.03422EPSS
Exploits0References3
CVE
CVE
added 2019/07/10 7:10 p.m.157 views

CVE-2019-0328

CVE-2019-0328 affects SAP NetWeaver Process Integration’s ABAP Tests Modules across SAP Basis versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5. The root cause is improper handling when constructing external OS commands from input data, allowing an attacker to execute OS commands with privileged rights. Con...

9CVSS7.1AI score0.03422EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2019/07/10 6:54 p.m.148 views

CVE-2019-0321

CVE-2019-0321 affects SAP ABAP Platform / SAP Basis (versions 7.31, 7.4, 7.5). The vulnerability arises from insufficient encoding of user-controlled inputs, leading to a Cross‑Site Scripting (XSS) issue. The connected PT-2019-4588 entry corroborates the issue and describes the affected versions ...

6.1CVSS6AI score0.01337EPSS
Exploits0References3Affected Software2
Symantec
Symantec
added 2019/07/09 12:0 a.m.28 views

SAP ERP HCM CVE-2019-0325 Remote Authorization Bypass Vulnerability

Description SAP ERP HCM Basis is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Technologies Affected SAP ERP HCM 3.0 Recommendations Block external access at the netwo...

4.9CVSS0.3AI score0.00792EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/07/09 12:0 a.m.4 views

PT-2019-4588 · Sap · Sap Basis

Name of the Vulnerable Software and Affected Versions: SAP Basis versions 7.31, 7.4, 7.5 Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting XSS vulnerability. This can be exploited by a remote attacker to perform cross-site...

6.4CVSS6AI score0.01337EPSS
Exploits0References5
OSV
OSV
added 2019/04/10 9:29 p.m.4 views

CVE-2019-0279

ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...

8.8CVSS5.8AI score0.01131EPSS
Exploits0References2
NVD
NVD
added 2019/04/10 9:29 p.m.18 views

CVE-2019-0279

ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...

8.8CVSS8.9AI score0.01131EPSS
Exploits0References2
Prion
Prion
added 2019/04/10 9:29 p.m.15 views

Authorization

ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...

6.5CVSS8.8AI score0.01131EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/04/10 8:17 p.m.55 views

CVE-2019-0279

CVE-2019-0279 concerns SAP BASIS: ABAP function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST. Connected sources confirm the issue arises from insufficient authorization checks in all circumstances for an authenticated user, enabling privilege escalati...

8.8CVSS8.7AI score0.01131EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/04/10 8:17 p.m.19 views

CVE-2019-0279

ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...

8.9AI score0.01131EPSS
Exploits0References2
CNVD
CNVD
added 2019/04/10 12:0 a.m.2 views

SAP BASIS Authorization Issues Vulnerability

SAP BASIS is a content management system. SAP BASIS is vulnerable to an authorization issue. An attacker could exploit this vulnerability to gain unauthorized access and obtain sensitive information...

8.8CVSS6.8AI score0.01131EPSS
Exploits0References1
OSV
OSV
added 2019/01/08 8:29 p.m.5 views

CVE-2019-0248

Under certain conditions SAP Gateway of ABAP Application Server fixed in SAPGWFND 7.5, 7.51, 7.52, 7.53; SAPBASIS 7.5 allows an attacker to access information which would otherwise be restricted...

5.9CVSS5.8AI score0.01564EPSS
Exploits0References3
CVE
CVE
added 2018/12/11 11:0 p.m.53 views

CVE-2018-2494

The CVE-2018-2494 entry concerns privilege escalation due to insufficient authorization checks for an authenticated user in SAP NetWeaver SAP Basis AS ABAP. Connected sources confirm the affected software as SAP NetWeaver 700–750, with the fix delivered from version 750 onward as ABAP Platform. I...

8CVSS8AI score0.00758EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/12/11 10:29 p.m.20 views

Authorization

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform...

6.5CVSS8.1AI score0.00758EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder