190 matches found
CVE-2020-6307
Automated Note Search Tool update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54 does not perform sufficient authorization checks leading to the reading of sensitive information...
CVE-2020-6307
The CVE-2020-6307 issue affects SAP Basis Automated Note Search Tool across SAP Basis versions 7.00 to 7.54, where insufficient authorization checks allow reading of sensitive information. Multiple connected sources (Red Hat advisory, NVD entry, vendor notes, and Symantec writeup) corroborate an ...
SAP Basis Automated Note Search Tool CVE-2020-6307 Remote Authorization Bypass Vulnerability
Description SAP Basis is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Technologies Affected SAP Automated Note Search Tool SAP Basis 7.00 SAP Basis 7.01 SAP Basis 7.0...
CVE-2019-0328
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
Code injection
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
CVE-2019-0321
ABAP Server and ABAP Platform SAP Basis, versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0328
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
CVE-2019-0328
CVE-2019-0328 affects SAP NetWeaver Process Integration’s ABAP Tests Modules across SAP Basis versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5. The root cause is improper handling when constructing external OS commands from input data, allowing an attacker to execute OS commands with privileged rights. Con...
CVE-2019-0321
CVE-2019-0321 affects SAP ABAP Platform / SAP Basis (versions 7.31, 7.4, 7.5). The vulnerability arises from insufficient encoding of user-controlled inputs, leading to a Cross‑Site Scripting (XSS) issue. The connected PT-2019-4588 entry corroborates the issue and describes the affected versions ...
SAP ERP HCM CVE-2019-0325 Remote Authorization Bypass Vulnerability
Description SAP ERP HCM Basis is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Technologies Affected SAP ERP HCM 3.0 Recommendations Block external access at the netwo...
PT-2019-4588 · Sap · Sap Basis
Name of the Vulnerable Software and Affected Versions: SAP Basis versions 7.31, 7.4, 7.5 Description: The issue arises from insufficient encoding of user-controlled inputs, leading to a Cross-Site Scripting XSS vulnerability. This can be exploited by a remote attacker to perform cross-site...
CVE-2019-0279
ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...
CVE-2019-0279
ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...
Authorization
ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...
CVE-2019-0279
CVE-2019-0279 concerns SAP BASIS: ABAP function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST. Connected sources confirm the issue arises from insufficient authorization checks in all circumstances for an authenticated user, enabling privilege escalati...
CVE-2019-0279
ABAP BASIS function modules INSTCREATER3RFCDEST, INSTCREATETCPIPRFCDEST, and INSTCREATETCPIPRFCDEST in SAP BASIS fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53 do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in...
SAP BASIS Authorization Issues Vulnerability
SAP BASIS is a content management system. SAP BASIS is vulnerable to an authorization issue. An attacker could exploit this vulnerability to gain unauthorized access and obtain sensitive information...
CVE-2019-0248
Under certain conditions SAP Gateway of ABAP Application Server fixed in SAPGWFND 7.5, 7.51, 7.52, 7.53; SAPBASIS 7.5 allows an attacker to access information which would otherwise be restricted...
CVE-2018-2494
The CVE-2018-2494 entry concerns privilege escalation due to insufficient authorization checks for an authenticated user in SAP NetWeaver SAP Basis AS ABAP. Connected sources confirm the affected software as SAP NetWeaver 700–750, with the fix delivered from version 750 onward as ABAP Platform. I...
Authorization
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform...