EUVD-2017-7875
Malware in sbrugna...
SAP Fiori Launchpad Cross Site Scripting
Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad. Impact on Business: Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP...
CVE-2014-9320
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SIPLATFORMSEARCHSERVERLOGONTOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905...
CVE-2015-2074
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681...
Design/Logic Flaw
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682...
Design/Logic Flaw
The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681...
Code injection
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SIPLATFORMSEARCHSERVERLOGONTOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905...
CVE-2014-9320
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SIPLATFORMSEARCHSERVERLOGONTOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905...
CVE-2015-2074
The CVE-2015-2074 issue affects SAP BusinessObjects Edge 4.0: the File Repository Server (FRS) CORBA listener allows remote, unauthenticated writers to overwrite arbitrary files via a full pathname. Onapsis/SAP notes describe this vulnerability and patch SAP Note 2018681 with fixes for affected r...
SAP Netweaver JAVA 7.50 Missing Authorization
Onapsis Security Advisory 2021-0013: CVE-2020-26829 - Missing Authentication Check in SAP NetWeaver AS JAVA P2P Cluster communication. Impact on Business: A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication, in order to connect to the...
Unspecified Vulnerability in SAP Note Assistant
SAP Note Assistant is a tool to help automate the import of changes in SAP Notes, a document created by a developer who finds a bug in an ABAP program that describes the problem and the associated program modification code. An unspecified vulnerability exists in SAP Note Assistant. An attacker...
Unspecified Vulnerability in SAP BASIS SAP Note Assistant
SAP BASIS is a system-management role for systems from the German company SAP, mainly responsible for SAP system planning, installation, configuration, monitoring, maintenance, tuning, etc. SAP Note Assistant is one of the Note problem-solving aids. Mainly responsible for SAP system planning,...
Design/Logic Flaw
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible...
CVE-2017-16691
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible...
SAP Note Assistant Insecure handling of SAP Notes signature vulnerability
Advisory ID Internal CORE-2017-0011 1. Advisory Information Title: SAP Note Assistant Insecure handling of SAP Notes signature vulnerability Advisory ID: CORE-2017-0011 Advisory...
CVE-2016-9563
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.comtcbpemhimuwlconnproviderweb/bpemuwlconn URI, aka SAP Security Note 2296909...
CVE-2016-3976
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971...
PT-2016-3362 · Sap · Sap Netweaver As Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS JAVA version 7.5. Description: The issue is related to an XML External Entity (XXE) vulnerability in the BC-BMT-BPM-DSK component of SAP NetWeaver AS JAVA. This vulnerability allows remote authenticated users to conduct XXE...
PT-2016-1176 · Sap · Sap Netweaver J2Ee Engine
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver J2EE Engine version 7.40. Description: The issue is related to a SQL injection vulnerability in the UDDI server of the SAP NetWeaver J2EE Engine. This vulnerability allows remote attackers to execute arbitrary SQL commands via...
CVE-2015-2076
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395...