Lucene search

19 matches found

Prion
added 2024/02/13 2:15 a.m. | 17 views

Cross site scripting

SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious...

CVSS 4 | AI score 6.2 | EPSS 0.00351
Exploits 0 | References 2

CVE
added 2024/02/13 2:2 a.m. | 47 views

CVE-2024-22128

CVE-2024-22128 affects SAP NWBC for HTML. The issue is insufficient encoding of user-controlled inputs in versions SAP_UI 754–758 and SAP_BASIS 700–702, 731, enabling unauthenticated attackers to inject malicious JavaScript and impact confidentiality and integrity of application data after exploi...

CVSS 6.1 | AI score 5.1 | EPSS 0.00351
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2024/02/13 2:2 a.m. | 22 views

CVE-2024-22128 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML

SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to...

CVSS 4.7 | AI score 5 | EPSS 0.00351
Exploits 0 | References 2

Vulnrichment
added 2024/02/13 2:2 a.m. | 21 views

CVE-2024-22128 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Business Client for HTML

SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to...

CVSS 4.7 | AI score 5.1 | EPSS 0.00351
Exploits 0 | References 2

NVD
added 2023/12/12 2:15 a.m. | 21 views

CVE-2023-49584

SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...

CVSS 4.3 | EPSS 0.00479
Exploits 0 | References 2

Prion
added 2023/12/12 2:15 a.m. | 19 views

Design/Logic Flaw

SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application...

CVSS 4 | AI score 7.1 | EPSS 0.00479
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/12/12 1:35 a.m. | 48 views

CVE-2023-49584

CVE-2023-49584 affects SAP Fiori Launchpad components across multiple SAP_UI versions (750, 754–758), UI_700 200, and SAP_BASIS 793. The issue allows an attacker to issue HTTP POST requests against a read-only service, resulting in low confidentiality impact per the provided description. Root cau...

CVSS 4.3 | AI score 4.6 | EPSS 0.00479
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/12/12 1:9 a.m. | 49 views

CVE-2023-49580

SAP GUI for Windows and SAP GUI for Java — affected: SAP_BASIS 755, 756, 757, 758. Unauthenticated attacker can access restricted/confidential information and can create Layout configurations in the ABAP List Viewer, causing mild impacts to integrity and availability (e.g., increased ABAP respons...

CVSS 7.3 | AI score 7.2 | EPSS 0.00478
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/09/12 2:0 a.m. | 75 views

CVE-2023-40624

SAP NetWeaver AS ABAP (Unified Rendering) is affected in SAP_UI 754–758 and SAP_BASIS 702, 731. The root cause is insufficient validation/escaping of user-supplied data, allowing an attacker to inject JavaScript that is executed in the web application. This can enable an attacker to influence the...

CVSS 5.5 | AI score 5.4 | EPSS 0.00346
Exploits 0 | References 2 | Affected Software 1

Packet Storm
added 2022/06/21 12:0 a.m. | 573 views

SAP Fiori Launchpad Cross Site Scripting

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad. Impact on Business: Impact depends on the victim's privileges. In most cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP...

CVSS 6.1 | AI score 0.4 | EPSS 0.01383
Exploits 2

Prion
added 2021/06/09 2:15 p.m. | 18 views

Cross site scripting

SAP NetWeaver Application Server ABAP Applications based on Web Dynpro ABAP, versions - SAP_UI - 750, 752, 753, 754, 755, SAP_BASIS - 702, 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...

CVSS 3.5 | AI score 5.3 | EPSS 0.00473
Exploits 0 | References 2 | Affected Software 1

CVE
added 2021/06/09 1:32 p.m. | 53 views

CVE-2021-33664

CVE-2021-33664 affects SAP NetWeaver Application Server ABAP (Web Dynpro ABAP) with SAP_UI versions 750–755 and SAP_BASIS 702, 731, where user-controlled inputs are not sufficiently encoded, causing a Cross-Site Scripting (XSS) vulnerability. Connected records from SAP and security portals confir...

CVSS 5.4 | AI score 5.3 | EPSS 0.00473
Exploits 0 | References 2 | Affected Software 1

Prion
added 2020/02/12 8:15 p.m. | 18 views

Cross site scripting

Under certain conditions, ABAP Online Community in SAP NetWeaver SAP_BASIS version 7.40 and SAP S/4HANA SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54, does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability...

CVSS 4.3 | AI score 6 | EPSS 0.00963
Exploits 0 | References 2 | Affected Software 2

Prion
added 2020/02/12 8:15 p.m. | 20 views

Design/Logic Flaw

Under some circumstances the SAML SSO implementation in the SAP NetWeaver SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform SAP_BASIS versions 750, 751, 752, 753, 754, allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response...

CVSS 5 | AI score 5.6 | EPSS 0.00775
Exploits 0 | References 2 | Affected Software 2

Cvelist
added 2020/02/12 7:46 p.m. | 25 views

CVE-2020-6181

Under some circumstances the SAML SSO implementation in the SAP NetWeaver SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform SAP_BASIS versions 750, 751, 752, 753, 754, allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response...

CVSS 5.8 | AI score 5.6 | EPSS 0.00775
Exploits 0 | References 2

CVE
added 2020/02/12 7:46 p.m. | 70 views

CVE-2020-6184

The CVE-2020-6184 issue affects SAP NetWeaver ABAP Online Community in SAP_BASIS 7.40 and SAP_BASIS 7.50–7.54 (S/4HANA). The vulnerability arises from insufficient encoding of user-controlled inputs in the ABAP Online Community, leading to Reflected Cross-Site Scripting (XSS). The connected sourc...

CVSS 6.1 | AI score 6 | EPSS 0.00963
Exploits 0 | References 2 | Affected Software 2

Prion
added 2016/10/05 4:59 p.m. | 15 views

Code injection

The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621...

CVSS 5 | AI score 7.2 | EPSS 0.01354
Exploits 0 | References 3 | Affected Software 3

Packet Storm
added 2016/10/03 12:0 a.m. | 60 views

SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection

Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG. 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system. Risk Level: Critical. 2. Advisory Information...

CVSS 9 | AI score 9.4 | EPSS 0.03342
Exploits 6

erpscan
added 2010/05/02 12:0 a.m. | 27 views

SAP NetWeaver logon.html — XSS

Application: SAP NetWeaver; Versions Affected: SAP NetWeaver SAP_BASIS 620-730; Vendor URL: ; Bugs: XSS; Exploits: YES; Reported: 05.02.2010; Vendor response: 06.02.2010; Date of Public Advisory: 09.03.2011; CVE-number: ; Author: Alexey Sintsov. Description: SAP NetWeaver BSP logon page has linked XSS...

AI score 6.1
Exploits 0