Lucene search
+L

64 matches found

nvd
nvd
added 2019/04/10 9:29 p.m.21 views

CVE-2019-0284

SLD Registration in SAP HANA fixed in versions 1.0, 2.0 does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity XXE. This can cause SLDREG to, for example, continuously loop,...

6CVSS5.9AI score0.00352EPSS
Exploits0References2
prion
prion
added 2019/04/10 9:29 p.m.24 views

Xxe

SLD Registration in SAP HANA fixed in versions 1.0, 2.0 does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity XXE. This can cause SLDREG to, for example, continuously loop,...

3.6CVSS5.9AI score0.00352EPSS
Exploits0References2Affected Software1
cve
cve
added 2019/04/10 8:25 p.m.58 views

CVE-2019-0284

CVE-2019-0284 relates to SAP HANA: the SLD Registration (SLDREG) component accepts XML from untrusted sources and does not adequately validate it, enabling an XML External Entity (XXE) reference. An attacker can invoke SLDREG with an XML file containing an XXE payload, potentially causing looping...

6CVSS5.8AI score0.00352EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2019/02/15 6:29 p.m.20 views

CVE-2019-0265

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...

4.9CVSS5.1AI score0.02054EPSS
Exploits0References4
prion
prion
added 2019/02/15 6:29 p.m.21 views

Design/Logic Flaw

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...

4CVSS5.1AI score0.02054EPSS
Exploits0References4Affected Software5
cve
cve
added 2019/02/15 6:0 p.m.70 views

CVE-2019-0265

CVE-2019-0265 affects SAP ABAP Platform SLD registration, enabling DoS by crashing or flooding the service. Affected kernel components include KRNL32NUC/UC and KRNL64NUC/UC with various 7.21–7.22/7.49 streams; 7.73 kernel also addressed for multiple upgrades (7.21–7.22, 7.45, 7.49, 7.53, 7.73, 7....

4.9CVSS5.1AI score0.02054EPSS
Exploits0References4Affected Software5
cvelist
cvelist
added 2019/02/15 6:0 p.m.20 views

CVE-2019-0265

SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Fixed in versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT,KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT,...

5.1AI score0.02054EPSS
Exploits0References4
openbugbounty
openbugbounty
added 2018/04/24 9:3 a.m.9 views

buscarbvs.sld.cu XSS vulnerability

Open Bug Bounty ID: OBB-607524 Description| Value ---|--- Affected Website:| buscarbvs.sld.cu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

0.1AI score
Exploits0
cnvd
cnvd
added 2016/10/20 12:0 a.m.5 views

SAP SLD Registration Program Denial of Service Vulnerability

The SAP SLD Registration Program SLDREG is a set of tools from SAP Germany for registering SAP systems in the System Architecture Catalog. A security vulnerability exists in SAP SLDREG. A local attacker can exploit this vulnerability to cause a denial of service memory corruption and process...

5.5CVSS6.5AI score0.00495EPSS
Exploits0References1
prion
prion
added 2016/10/13 2:59 p.m.14 views

Memory corruption

SAP SLD Registration Program aka SLDREG allows local users to cause a denial of service memory corruption and process termination via a crafted HOST parameter, aka SAP Security Note 2125623...

2.1CVSS6.9AI score0.00495EPSS
Exploits0References5
cve
cve
added 2016/10/13 2:0 p.m.41 views

CVE-2016-3638

SAP SLD Registration Program (SLDREG) is the affected component. The issue enables a local attacker to cause a denial of service via a crafted HOST parameter, due to memory corruption and process termination. The root cause is the handling of the HOST parameter within SLDREG. The impact is a loca...

5.5CVSS5.4AI score0.00495EPSS
Exploits0References5Affected Software1
erpscan
erpscan
added 2016/04/22 12:0 a.m.37 views

SAP NetWeaver 7.5 Information disclosure + port scan in SLD test application

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver SLD Vendor URL: SAP Bugs: Information disclosure Reported: 22.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 08.11.2016 Reference: SAP Security Note 2342940 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION...

7AI score
Exploits0
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.64 views

[Onapsis Security Advisory 2014-020] SAP SLD Information Tampering

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-020: SAP SLD Information Tampering 1. Impact on Business ===================== By exploiting this vulnerability, a remote unauthenticated attacker might be able to modify technical information about the SAP systems...

6.7AI score
Exploits0
nvd
nvd
added 2014/06/09 8:55 p.m.20 views

CVE-2014-4003

The System Landscape Directory SLD in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system...

7.5CVSS6.3AI score0.0299EPSS
Exploits0References7
prion
prion
added 2014/06/09 8:55 p.m.21 views

Information disclosure

The System Landscape Directory SLD in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system...

7.5CVSS6.9AI score0.0299EPSS
Exploits0References7
cvelist
cvelist
added 2014/06/09 8:0 p.m.25 views

CVE-2014-4003

The System Landscape Directory SLD in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system...

6.3AI score0.0299EPSS
Exploits0References7
cve
cve
added 2014/06/09 8:0 p.m.58 views

CVE-2014-4003

CVE-2014-4003 refers to the SAP NetWeaver System Landscape Directory (SLD) vulnerability where remote attackers can modify information through vectors related to adding a system. The core impact is information tampering with SLD data, as described in multiple sources (NVD entry and SAP-related ad...

7.5CVSS6.4AI score0.0299EPSS
Exploits0References7Affected Software1
prion
prion
added 2014/04/30 2:22 p.m.26 views

Design/Logic Flaw

SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection...

5CVSS7.2AI score0.0209EPSS
Exploits0References5
prion
prion
added 2010/07/28 9:30 p.m.22 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the System Landscape Directory SLD component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the 1 action parameter to testsdic and the 2 helpstring parameter to paramhelp.jsp...

4.3CVSS6.1AI score0.01292EPSS
Exploits0References8Affected Software2
cve
cve
added 2010/07/28 9:0 p.m.55 views

CVE-2010-2904

CVE-2010-2904 documents describe multiple cross-site scripting (XSS) vulnerabilities in the SAP NetWeaver System Landscape Directory (SLD) component, affecting versions 6.4 through 7.02. The root cause involves injection of arbitrary web script or HTML via (1) the action parameter to testsdic and...

4.3CVSS5.9AI score0.01292EPSS
Exploits0References8Affected Software2
Rows per page
Query Builder