64 matches found
CVE-2019-0284
SLD Registration in SAP HANA fixed in versions 1.0, 2.0 does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity XXE. This can cause SLDREG to, for example, continuously loop,...
Xxe
SLD Registration in SAP HANA fixed in versions 1.0, 2.0 does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity XXE. This can cause SLDREG to, for example, continuously loop,...
CVE-2019-0284
CVE-2019-0284 relates to SAP HANA: the SLD Registration (SLDREG) component accepts XML from untrusted sources and does not adequately validate it, enabling an XML External Entity (XXE) reference. An attacker can invoke SLDREG with an XML file containing an XXE payload, potentially causing looping...
CVE-2019-0265
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...
Design/Logic Flaw
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...
CVE-2019-0265
CVE-2019-0265 affects SAP ABAP Platform SLD registration, enabling DoS by crashing or flooding the service. Affected kernel components include KRNL32NUC/UC and KRNL64NUC/UC with various 7.21–7.22/7.49 streams; 7.73 kernel also addressed for multiple upgrades (7.21–7.22, 7.45, 7.49, 7.53, 7.73, 7....
CVE-2019-0265
SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...
buscarbvs.sld.cu XSS vulnerability
Open Bug Bounty ID: OBB-607524 Description| Value ---|--- Affected Website:| buscarbvs.sld.cu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
SAP SLD Registration Program Denial of Service Vulnerability
The SAP SLD Registration Program SLDREG is a set of tools from SAP Germany for registering SAP systems in the System Architecture Catalog. A security vulnerability exists in SAP SLDREG. A local attacker can exploit this vulnerability to cause a denial of service memory corruption and process...
Memory corruption
SAP SLD Registration Program aka SLDREG allows local users to cause a denial of service memory corruption and process termination via a crafted HOST parameter, aka SAP Security Note 2125623...
CVE-2016-3638
SAP SLD Registration Program (SLDREG) is the affected component. The issue enables a local attacker to cause a denial of service via a crafted HOST parameter, due to memory corruption and process termination. The root cause is the handling of the HOST parameter within SLDREG. The impact is a loca...
SAP NetWeaver 7.5 Information disclosure + port scan in SLD test application
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver SLD Vendor URL: SAP Bugs: Information disclosure Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 08.11.2016 Reference: SAP Security Note 2342940 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION...
[Onapsis Security Advisory 2014-020] SAP SLD Information Tampering
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-020: SAP SLD Information Tampering 1. Impact on Business ===================== By exploiting this vulnerability, a remote unauthenticated attacker might be able to modify technical information about the SAP systems...
CVE-2014-4003
The System Landscape Directory SLD in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system...
Information disclosure
The System Landscape Directory SLD in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system...
CVE-2014-4003
The System Landscape Directory SLD in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system...
CVE-2014-4003
CVE-2014-4003 refers to the SAP NetWeaver System Landscape Directory (SLD) vulnerability where remote attackers can modify information through vectors related to adding a system. The core impact is information tampering with SLD data, as described in multiple sources (NVD entry and SAP-related ad...
Design/Logic Flaw
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the System Landscape Directory SLD component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter to testsdic and the 2 helpstring parameter to paramhelp.jsp...
CVE-2010-2904
CVE-2010-2904 documents describe multiple cross-site scripting (XSS) vulnerabilities in the SAP NetWeaver System Landscape Directory (SLD) component, affecting versions 6.4 through 7.02. The root cause involves injection of arbitrary web script or HTML via (1) the action parameter to testsdic and...