6 matches found
CVE-2022-22536
CVE-2022-22536 affects SAP NetWeaver components (ABAP/Java stacks), ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher. The issue is HTTP request smuggling/concatenation caused by how the SAP ICM front end parses requests, enabling an unauthenticated attacker to prepend arbitrary data...
CVE-2023-40309
CVE-2023-40309 affects SAP CommonCryptoLib and is caused by insufficient authentication checks, enabling possible privilege escalation for an authenticated user and potential reading/modification/deletion of restricted data. The vulnerability is rated CRITICAL (CVSSv3.1: 9.8, AV:N/AC:L/PR:N/UI:N/...
CVE-2023-40308
The CVE-2023-40308 issue affects SAP CommonCryptoLib and is caused by memory corruption triggered by an unauthenticated crafted request sent to an open port. The resulting crash makes the target component unavailable, with no impact on confidentiality or integrity reported. Evidence across multip...
CVE-2024-33005
The CVE-2024-33005 issue affects SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server. Root cause: missing authorization checks in the local system allow admin users to impersonate other users and perform unintended actions. Impact: low confidentiality but ...
CVE-2023-26457
Technical details about CVE-2023-26457 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2015-4157
CVE-2015-4157 affects SAP Content Server. The available documents describe a remote denial-of-service risk (service termination) via unspecified vectors, as referenced by SAP Security Note 2127995. The primary sources do not specify the exact vulnerable component, affected versions, root cause, e...