All the vulnerabilites related to sap - netweaver_abap
cve-2022-22545
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
EPSS score ?
Summary
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.
References
| ▼ | URL | Tags |
|---|---|---|
| https://launchpad.support.sap.com/#/notes/3128473 | x_refsource_MISC | |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver Application Server ABAP and ABAP Platform |
Version: 700 Version: 701 Version: 702 Version: 710 Version: 711 Version: 730 Version: 731 Version: 740 Version: 750 Version: 751 Version: 752 Version: 753 Version: 754 Version: 755 Version: 756 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3128473"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver Application Server ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "700"
},
{
"status": "affected",
"version": "701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "710"
},
{
"status": "affected",
"version": "711"
},
{
"status": "affected",
"version": "730"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "752"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "755"
},
{
"status": "affected",
"version": "756"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T15:19:23",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3128473"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-22545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Application Server ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "700"
},
{
"version_affected": "=",
"version_value": "701"
},
{
"version_affected": "=",
"version_value": "702"
},
{
"version_affected": "=",
"version_value": "710"
},
{
"version_affected": "=",
"version_value": "711"
},
{
"version_affected": "=",
"version_value": "730"
},
{
"version_affected": "=",
"version_value": "731"
},
{
"version_affected": "=",
"version_value": "740"
},
{
"version_affected": "=",
"version_value": "750"
},
{
"version_affected": "=",
"version_value": "751"
},
{
"version_affected": "=",
"version_value": "752"
},
{
"version_affected": "=",
"version_value": "753"
},
{
"version_affected": "=",
"version_value": "754"
},
{
"version_affected": "=",
"version_value": "755"
},
{
"version_affected": "=",
"version_value": "756"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/3128473",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3128473"
},
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-22545",
"datePublished": "2022-02-09T22:05:27",
"dateReserved": "2022-01-04T00:00:00",
"dateUpdated": "2024-08-03T03:14:55.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27634
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS for ABAP (RFC Gateway) |
Version: < KRNL32NUC - 7.22 Version: < 7.22EXT Version: < KRNL64NUC - 7.22 Version: < 7.49 Version: < KRNL64UC - 8.04 Version: < 7.22 Version: < 7.53 Version: < 7.73 Version: < KERNEL - 7.22 Version: < 8.04 Version: < 7.77 Version: < 7.81 Version: < 7.82 Version: < 7.83 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3020209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for ABAP (RFC Gateway)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c KRNL32NUC - 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c KRNL64NUC - 7.22"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c KRNL64UC - 8.04"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.53"
},
{
"status": "affected",
"version": "\u003c 7.73"
},
{
"status": "affected",
"version": "\u003c KERNEL - 7.22"
},
{
"status": "affected",
"version": "\u003c 8.04"
},
{
"status": "affected",
"version": "\u003c 7.77"
},
{
"status": "affected",
"version": "\u003c 7.81"
},
{
"status": "affected",
"version": "\u003c 7.82"
},
{
"status": "affected",
"version": "\u003c 7.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Improper Input Validation (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3020209"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-27634",
"datePublished": "2021-06-09T00:00:00",
"dateReserved": "2021-02-23T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27633
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS for ABAP (RFC Gateway) |
Version: < KRNL32NUC - 7.22 Version: < 7.22EXT Version: < KRNL64NUC - 7.22 Version: < 7.49 Version: < KRNL64UC - 8.04 Version: < 7.22 Version: < 7.53 Version: < 7.73 Version: < KERNEL - 7.22 Version: < 8.04 Version: < 7.77 Version: < 7.81 Version: < 7.82 Version: < 7.83 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3020209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for ABAP (RFC Gateway)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c KRNL32NUC - 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c KRNL64NUC - 7.22"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c KRNL64UC - 8.04"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.53"
},
{
"status": "affected",
"version": "\u003c 7.73"
},
{
"status": "affected",
"version": "\u003c KERNEL - 7.22"
},
{
"status": "affected",
"version": "\u003c 8.04"
},
{
"status": "affected",
"version": "\u003c 7.77"
},
{
"status": "affected",
"version": "\u003c 7.81"
},
{
"status": "affected",
"version": "\u003c 7.82"
},
{
"status": "affected",
"version": "\u003c 7.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Improper Input Validation (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3020209"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-27633",
"datePublished": "2021-06-09T00:00:00",
"dateReserved": "2021-02-23T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28215
Vulnerability from cvelistv5
Published
2022-04-12 16:11
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3165333 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver ABAP Server and ABAP Platform |
Version: 740 Version: 750 Version: 787 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:48:37.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3165333"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver ABAP Server and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "740"
},
{
"status": "affected",
"version": "750"
},
{
"status": "affected",
"version": "787"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T16:11:33",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3165333"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-28215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver ABAP Server and ABAP Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "740"
},
{
"version_affected": "=",
"version_value": "750"
},
{
"version_affected": "=",
"version_value": "787"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3165333",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3165333"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-28215",
"datePublished": "2022-04-12T16:11:33",
"dateReserved": "2022-03-30T00:00:00",
"dateUpdated": "2024-08-03T05:48:37.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33684
Vulnerability from cvelistv5
Published
2021-07-14 11:04
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3032624 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS ABAP and ABAP Platform |
Version: < KRNL32NUC 7.21 Version: < 7.21EXT Version: < 7.22 Version: < 7.22EXT Version: < KRNL32UC 7.21 Version: < KRNL64NUC 7.21 Version: < 7.49 Version: < KRNL64UC 8.04 Version: < 7.21 Version: < 7.53 Version: < KERNEL 8.04 Version: < 7.77 Version: < 7.81 Version: < 7.84 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3032624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c KRNL32NUC 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c KRNL32UC 7.21"
},
{
"status": "affected",
"version": "\u003c KRNL64NUC 7.21"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c KRNL64UC 8.04"
},
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.53"
},
{
"status": "affected",
"version": "\u003c KERNEL 8.04"
},
{
"status": "affected",
"version": "\u003c 7.77"
},
{
"status": "affected",
"version": "\u003c 7.81"
},
{
"status": "affected",
"version": "\u003c 7.84"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Memory Corruption (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T11:04:32",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3032624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-33684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "KRNL32NUC 7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "KRNL32UC 7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "KRNL64NUC 7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "KRNL64UC 8.04"
},
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.53"
},
{
"version_name": "\u003c",
"version_value": "KERNEL 8.04"
},
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.53"
},
{
"version_name": "\u003c",
"version_value": "7.77"
},
{
"version_name": "\u003c",
"version_value": "7.81"
},
{
"version_name": "\u003c",
"version_value": "7.84"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3032624",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3032624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-33684",
"datePublished": "2021-07-14T11:04:32",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27597
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS for ABAP (RFC Gateway) |
Version: < KRNL32NUC - 7.22 Version: < 7.22EXT Version: < KRNL64NUC - 7.22 Version: < 7.49 Version: < KRNL64UC - 8.04 Version: < 7.22 Version: < 7.53 Version: < 7.73 Version: < KERNEL - 7.22 Version: < 8.04 Version: < 7.77 Version: < 7.81 Version: < 7.82 Version: < 7.83 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3020209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for ABAP (RFC Gateway)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c KRNL32NUC - 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c KRNL64NUC - 7.22"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c KRNL64UC - 8.04"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.53"
},
{
"status": "affected",
"version": "\u003c 7.73"
},
{
"status": "affected",
"version": "\u003c KERNEL - 7.22"
},
{
"status": "affected",
"version": "\u003c 8.04"
},
{
"status": "affected",
"version": "\u003c 7.77"
},
{
"status": "affected",
"version": "\u003c 7.81"
},
{
"status": "affected",
"version": "\u003c 7.82"
},
{
"status": "affected",
"version": "\u003c 7.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Improper Input Validation (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3020209"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-27597",
"datePublished": "2021-06-09T00:00:00",
"dateReserved": "2021-02-23T00:00:00",
"dateUpdated": "2024-08-03T21:26:09.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38181
Vulnerability from cvelistv5
Published
2021-10-12 14:03
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://launchpad.support.sap.com/#/notes/3080710 | x_refsource_MISC | |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS ABAP and ABAP Platform |
Version: < 700 Version: < 701 Version: < 702 Version: < 730 Version: < 731 Version: < 740 Version: < 750 Version: < 751 Version: < 752 Version: < 753 Version: < 754 Version: < 755 Version: < 756 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:15.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3080710"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 700"
},
{
"status": "affected",
"version": "\u003c 701"
},
{
"status": "affected",
"version": "\u003c 702"
},
{
"status": "affected",
"version": "\u003c 730"
},
{
"status": "affected",
"version": "\u003c 731"
},
{
"status": "affected",
"version": "\u003c 740"
},
{
"status": "affected",
"version": "\u003c 750"
},
{
"status": "affected",
"version": "\u003c 751"
},
{
"status": "affected",
"version": "\u003c 752"
},
{
"status": "affected",
"version": "\u003c 753"
},
{
"status": "affected",
"version": "\u003c 754"
},
{
"status": "affected",
"version": "\u003c 755"
},
{
"status": "affected",
"version": "\u003c 756"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T14:03:12",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3080710"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-38181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "700"
},
{
"version_name": "\u003c",
"version_value": "701"
},
{
"version_name": "\u003c",
"version_value": "702"
},
{
"version_name": "\u003c",
"version_value": "730"
},
{
"version_name": "\u003c",
"version_value": "731"
},
{
"version_name": "\u003c",
"version_value": "740"
},
{
"version_name": "\u003c",
"version_value": "750"
},
{
"version_name": "\u003c",
"version_value": "751"
},
{
"version_name": "\u003c",
"version_value": "752"
},
{
"version_name": "\u003c",
"version_value": "753"
},
{
"version_name": "\u003c",
"version_value": "754"
},
{
"version_name": "\u003c",
"version_value": "755"
},
{
"version_name": "\u003c",
"version_value": "756"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/3080710",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3080710"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-38181",
"datePublished": "2021-10-12T14:03:13",
"dateReserved": "2021-08-07T00:00:00",
"dateUpdated": "2024-08-04T01:37:15.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1309
Vulnerability from cvelistv5
Published
2015-01-22 16:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
References
| ▼ | URL | Tags |
|---|---|---|
| https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/ | x_refsource_MISC | |
| http://secunia.com/advisories/62469 | third-party-advisory, x_refsource_SECUNIA | |
| https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/"
},
{
"name": "62469",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/"
},
{
"name": "62469",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/"
},
{
"name": "62469",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62469"
},
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1309",
"datePublished": "2015-01-22T16:00:00",
"dateReserved": "2015-01-22T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22543
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
Severity ?
EPSS score ?
Summary
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://launchpad.support.sap.com/#/notes/3116223 | x_refsource_MISC | |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) |
Version: KERNEL 7.22 Version: 8.04 Version: 7.49 Version: 7.53 Version: 7.77 Version: 7.81 Version: 7.85 Version: 7.86 Version: 7.87 Version: KRNL64UC 8.04 Version: 7.22 Version: 7.22EXT Version: KRNL64NUC 7.22 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3116223"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "KERNEL 7.22"
},
{
"status": "affected",
"version": "8.04"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.81"
},
{
"status": "affected",
"version": "7.85"
},
{
"status": "affected",
"version": "7.86"
},
{
"status": "affected",
"version": "7.87"
},
{
"status": "affected",
"version": "KRNL64UC 8.04"
},
{
"status": "affected",
"version": "7.22"
},
{
"status": "affected",
"version": "7.22EXT"
},
{
"status": "affected",
"version": "KRNL64NUC 7.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T15:19:34",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3116223"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-22543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "KERNEL 7.22"
},
{
"version_affected": "=",
"version_value": "8.04"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
},
{
"version_affected": "=",
"version_value": "7.77"
},
{
"version_affected": "=",
"version_value": "7.81"
},
{
"version_affected": "=",
"version_value": "7.85"
},
{
"version_affected": "=",
"version_value": "7.86"
},
{
"version_affected": "=",
"version_value": "7.87"
},
{
"version_affected": "=",
"version_value": "KRNL64UC 8.04"
},
{
"version_affected": "=",
"version_value": "7.22"
},
{
"version_affected": "=",
"version_value": "7.22EXT"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
},
{
"version_affected": "=",
"version_value": "KRNL64NUC 7.22"
},
{
"version_affected": "=",
"version_value": "7.22EXT"
},
{
"version_affected": "=",
"version_value": "7.49"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/3116223",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3116223"
},
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-22543",
"datePublished": "2022-02-09T22:05:27",
"dateReserved": "2022-01-04T00:00:00",
"dateUpdated": "2024-08-03T03:14:55.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38178
Vulnerability from cvelistv5
Published
2021-10-12 14:03
Modified
2024-08-04 01:37
Severity ?
EPSS score ?
Summary
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3097887 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS ABAP and ABAP Platform |
Version: < 700 Version: < 701 Version: < 702 Version: < 710 Version: < 730 Version: < 731 Version: < 740 Version: < 750 Version: < 751 Version: < 752 Version: < 753 Version: < 754 Version: < 755 Version: < 756 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:15.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3097887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 700"
},
{
"status": "affected",
"version": "\u003c 701"
},
{
"status": "affected",
"version": "\u003c 702"
},
{
"status": "affected",
"version": "\u003c 710"
},
{
"status": "affected",
"version": "\u003c 730"
},
{
"status": "affected",
"version": "\u003c 731"
},
{
"status": "affected",
"version": "\u003c 740"
},
{
"status": "affected",
"version": "\u003c 750"
},
{
"status": "affected",
"version": "\u003c 751"
},
{
"status": "affected",
"version": "\u003c 752"
},
{
"status": "affected",
"version": "\u003c 753"
},
{
"status": "affected",
"version": "\u003c 754"
},
{
"status": "affected",
"version": "\u003c 755"
},
{
"status": "affected",
"version": "\u003c 756"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T14:03:34",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3097887"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-38178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "700"
},
{
"version_name": "\u003c",
"version_value": "701"
},
{
"version_name": "\u003c",
"version_value": "702"
},
{
"version_name": "\u003c",
"version_value": "710"
},
{
"version_name": "\u003c",
"version_value": "730"
},
{
"version_name": "\u003c",
"version_value": "731"
},
{
"version_name": "\u003c",
"version_value": "740"
},
{
"version_name": "\u003c",
"version_value": "750"
},
{
"version_name": "\u003c",
"version_value": "751"
},
{
"version_name": "\u003c",
"version_value": "752"
},
{
"version_name": "\u003c",
"version_value": "753"
},
{
"version_name": "\u003c",
"version_value": "754"
},
{
"version_name": "\u003c",
"version_value": "755"
},
{
"version_name": "\u003c",
"version_value": "756"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3097887",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3097887"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-38178",
"datePublished": "2021-10-12T14:03:34",
"dateReserved": "2021-08-07T00:00:00",
"dateUpdated": "2024-08-04T01:37:15.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-8312
Vulnerability from cvelistv5
Published
2014-10-16 19:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/533645/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/70292 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2014/Oct/38 | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/61101 | third-party-advisory, x_refsource_SECUNIA | |
| http://scn.sap.com/docs/DOC-8218 | x_refsource_CONFIRM | |
| https://service.sap.com/sap/support/notes/1967780 | x_refsource_CONFIRM | |
| http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96877 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141008 [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533645/100/0/threaded"
},
{
"name": "70292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70292"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html"
},
{
"name": "20141008 [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/38"
},
{
"name": "61101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://service.sap.com/sap/support/notes/1967780"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033"
},
{
"name": "sap-business-warehouse-sec-bypass(96877)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141008 [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533645/100/0/threaded"
},
{
"name": "70292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70292"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html"
},
{
"name": "20141008 [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/38"
},
{
"name": "61101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://service.sap.com/sap/support/notes/1967780"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033"
},
{
"name": "sap-business-warehouse-sec-bypass(96877)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96877"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141008 [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533645/100/0/threaded"
},
{
"name": "70292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70292"
},
{
"name": "http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html"
},
{
"name": "20141008 [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/38"
},
{
"name": "61101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61101"
},
{
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"name": "https://service.sap.com/sap/support/notes/1967780",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1967780"
},
{
"name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033",
"refsource": "MISC",
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033"
},
{
"name": "sap-business-warehouse-sec-bypass(96877)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96877"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8312",
"datePublished": "2014-10-16T19:00:00",
"dateReserved": "2014-10-16T00:00:00",
"dateUpdated": "2024-08-06T13:10:51.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9843
Vulnerability from cvelistv5
Published
2017-07-12 16:00
Modified
2024-08-05 17:18
Severity ?
EPSS score ?
Summary
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.
References
| ▼ | URL | Tags |
|---|---|---|
| https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-using-cl_java_script/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/96900 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:02.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-using-cl_java_script/"
},
{
"name": "96900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-using-cl_java_script/"
},
{
"name": "96900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-using-cl_java_script/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-using-cl_java_script/"
},
{
"name": "96900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9843",
"datePublished": "2017-07-12T16:00:00",
"dateReserved": "2017-06-24T00:00:00",
"dateUpdated": "2024-08-05T17:18:02.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27610
Vulnerability from cvelistv5
Published
2021-06-16 14:45
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3007182 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS ABAP and ABAP Platform |
Version: < 700 Version: < 701 Version: < 702 Version: < 731 Version: < 740 Version: < 750 Version: < 751 Version: < 752 Version: < 753 Version: < 754 Version: < 755 Version: < 804 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3007182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 700"
},
{
"status": "affected",
"version": "\u003c 701"
},
{
"status": "affected",
"version": "\u003c 702"
},
{
"status": "affected",
"version": "\u003c 731"
},
{
"status": "affected",
"version": "\u003c 740"
},
{
"status": "affected",
"version": "\u003c 750"
},
{
"status": "affected",
"version": "\u003c 751"
},
{
"status": "affected",
"version": "\u003c 752"
},
{
"status": "affected",
"version": "\u003c 753"
},
{
"status": "affected",
"version": "\u003c 754"
},
{
"status": "affected",
"version": "\u003c 755"
},
{
"status": "affected",
"version": "\u003c 804"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T14:45:57",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3007182"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-27610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "700"
},
{
"version_name": "\u003c",
"version_value": "701"
},
{
"version_name": "\u003c",
"version_value": "702"
},
{
"version_name": "\u003c",
"version_value": "731"
},
{
"version_name": "\u003c",
"version_value": "740"
},
{
"version_name": "\u003c",
"version_value": "750"
},
{
"version_name": "\u003c",
"version_value": "751"
},
{
"version_name": "\u003c",
"version_value": "752"
},
{
"version_name": "\u003c",
"version_value": "753"
},
{
"version_name": "\u003c",
"version_value": "754"
},
{
"version_name": "\u003c",
"version_value": "755"
},
{
"version_name": "\u003c",
"version_value": "804"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3007182",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3007182"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-27610",
"datePublished": "2021-06-16T14:45:57",
"dateReserved": "2021-02-23T00:00:00",
"dateUpdated": "2024-08-03T21:26:09.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33677
Vulnerability from cvelistv5
Published
2021-07-14 11:03
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3044754 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS ABAP and ABAP Platform |
Version: < 700 Version: < 702 Version: < 730 Version: < 731 Version: < 804 Version: < 740 Version: < 750 Version: < 784 Version: < DEV |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3044754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 700"
},
{
"status": "affected",
"version": "\u003c 702"
},
{
"status": "affected",
"version": "\u003c 730"
},
{
"status": "affected",
"version": "\u003c 731"
},
{
"status": "affected",
"version": "\u003c 804"
},
{
"status": "affected",
"version": "\u003c 740"
},
{
"status": "affected",
"version": "\u003c 750"
},
{
"status": "affected",
"version": "\u003c 784"
},
{
"status": "affected",
"version": "\u003c DEV"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-14T11:03:57",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3044754"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-33677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "700"
},
{
"version_name": "\u003c",
"version_value": "702"
},
{
"version_name": "\u003c",
"version_value": "730"
},
{
"version_name": "\u003c",
"version_value": "731"
},
{
"version_name": "\u003c",
"version_value": "804"
},
{
"version_name": "\u003c",
"version_value": "740"
},
{
"version_name": "\u003c",
"version_value": "750"
},
{
"version_name": "\u003c",
"version_value": "784"
},
{
"version_name": "\u003c",
"version_value": "DEV"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3044754",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3044754"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-33677",
"datePublished": "2021-07-14T11:03:57",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42067
Vulnerability from cvelistv5
Published
2022-01-14 19:11
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3112710 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS for ABAP and ABAP Platform |
Version: < 701 Version: < 702 Version: < 711 Version: < 730 Version: < 731 Version: < 740 Version: < 750 Version: < 751 Version: < 752 Version: < 753 Version: < 754 Version: < 755 Version: < 756 Version: < 786 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3112710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS for ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 701"
},
{
"status": "affected",
"version": "\u003c 702"
},
{
"status": "affected",
"version": "\u003c 711"
},
{
"status": "affected",
"version": "\u003c 730"
},
{
"status": "affected",
"version": "\u003c 731"
},
{
"status": "affected",
"version": "\u003c 740"
},
{
"status": "affected",
"version": "\u003c 750"
},
{
"status": "affected",
"version": "\u003c 751"
},
{
"status": "affected",
"version": "\u003c 752"
},
{
"status": "affected",
"version": "\u003c 753"
},
{
"status": "affected",
"version": "\u003c 754"
},
{
"status": "affected",
"version": "\u003c 755"
},
{
"status": "affected",
"version": "\u003c 756"
},
{
"status": "affected",
"version": "\u003c 786"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SSRF",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T19:11:31",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3112710"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-42067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "701"
},
{
"version_name": "\u003c",
"version_value": "702"
},
{
"version_name": "\u003c",
"version_value": "711"
},
{
"version_name": "\u003c",
"version_value": "730"
},
{
"version_name": "\u003c",
"version_value": "731"
},
{
"version_name": "\u003c",
"version_value": "740"
},
{
"version_name": "\u003c",
"version_value": "750"
},
{
"version_name": "\u003c",
"version_value": "751"
},
{
"version_name": "\u003c",
"version_value": "752"
},
{
"version_name": "\u003c",
"version_value": "753"
},
{
"version_name": "\u003c",
"version_value": "754"
},
{
"version_name": "\u003c",
"version_value": "755"
},
{
"version_name": "\u003c",
"version_value": "756"
},
{
"version_name": "\u003c",
"version_value": "786"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SSRF"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3112710",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3112710"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-42067",
"datePublished": "2022-01-14T19:11:31",
"dateReserved": "2021-10-07T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40495
Vulnerability from cvelistv5
Published
2021-10-12 14:03
Modified
2024-08-04 02:44
Severity ?
EPSS score ?
Summary
There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3099011 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS ABAP and ABAP Platform |
Version: < 740 Version: < 750 Version: < 751 Version: < 752 Version: < 753 Version: < 754 Version: < 755 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3099011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 740"
},
{
"status": "affected",
"version": "\u003c 750"
},
{
"status": "affected",
"version": "\u003c 751"
},
{
"status": "affected",
"version": "\u003c 752"
},
{
"status": "affected",
"version": "\u003c 753"
},
{
"status": "affected",
"version": "\u003c 754"
},
{
"status": "affected",
"version": "\u003c 755"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T14:03:19",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3099011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-40495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "740"
},
{
"version_name": "\u003c",
"version_value": "750"
},
{
"version_name": "\u003c",
"version_value": "751"
},
{
"version_name": "\u003c",
"version_value": "752"
},
{
"version_name": "\u003c",
"version_value": "753"
},
{
"version_name": "\u003c",
"version_value": "754"
},
{
"version_name": "\u003c",
"version_value": "755"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3099011",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3099011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-40495",
"datePublished": "2021-10-12T14:03:19",
"dateReserved": "2021-09-03T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-33005
Vulnerability from cvelistv5
Published
2024-08-13 03:47
Modified
2024-08-13 13:29
Severity ?
EPSS score ?
Summary
Due to the missing authorization checks in the
local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application
Server (ABAP and Java), and SAP Content Server can impersonate other users and
may perform some unintended actions. This could lead to a low impact on
confidentiality and a high impact on the integrity and availability of the
applications.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP_SE | SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server |
Version: KRNL64NUC 7.22 Version: KRNL64NUC 7.22EXT Version: KRNL64UC 7.22 Version: KRNL64UC 7.22EXT Version: KRNL64UC 7.53 Version: WEBDISP 7.53 Version: WEBDISP 7.77 Version: WEBDISP 7.85 Version: WEBDISP 7.22_EXT Version: WEBDISP 7.89 Version: WEBDISP 7.54 Version: WEBDISP 7.93 Version: KERNEL 7.22 Version: KERNEL 7.53 Version: KERNEL 7.77 Version: KERNEL 7.85 Version: KERNEL 7.89 Version: KERNEL 7.54 Version: KERNEL 7.93 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:28:54.486408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:29:16.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "KRNL64NUC 7.22"
},
{
"status": "affected",
"version": "KRNL64NUC 7.22EXT"
},
{
"status": "affected",
"version": "KRNL64UC 7.22"
},
{
"status": "affected",
"version": "KRNL64UC 7.22EXT"
},
{
"status": "affected",
"version": "KRNL64UC 7.53"
},
{
"status": "affected",
"version": "WEBDISP 7.53"
},
{
"status": "affected",
"version": "WEBDISP 7.77"
},
{
"status": "affected",
"version": "WEBDISP 7.85"
},
{
"status": "affected",
"version": "WEBDISP 7.22_EXT"
},
{
"status": "affected",
"version": "WEBDISP 7.89"
},
{
"status": "affected",
"version": "WEBDISP 7.54"
},
{
"status": "affected",
"version": "WEBDISP 7.93"
},
{
"status": "affected",
"version": "KERNEL 7.22"
},
{
"status": "affected",
"version": "KERNEL 7.53"
},
{
"status": "affected",
"version": "KERNEL 7.77"
},
{
"status": "affected",
"version": "KERNEL 7.85"
},
{
"status": "affected",
"version": "KERNEL 7.89"
},
{
"status": "affected",
"version": "KERNEL 7.54"
},
{
"status": "affected",
"version": "KERNEL 7.93"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to the missing authorization checks in the\nlocal systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application\nServer (ABAP and Java), and SAP Content Server can impersonate other users and\nmay perform some unintended actions. This could lead to a low impact on\nconfidentiality and a high impact on the integrity and availability of the\napplications."
}
],
"value": "Due to the missing authorization checks in the\nlocal systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application\nServer (ABAP and Java), and SAP Content Server can impersonate other users and\nmay perform some unintended actions. This could lead to a low impact on\nconfidentiality and a high impact on the integrity and availability of the\napplications."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T03:47:44.829Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3438085"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2024-33005",
"datePublished": "2024-08-13T03:47:44.829Z",
"dateReserved": "2024-04-23T04:04:25.521Z",
"dateUpdated": "2024-08-13T13:29:16.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29614
Vulnerability from cvelistv5
Published
2022-06-14 18:27
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3158619 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2022/Sep/18 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database |
Version: KERNEL 7.22 Version: 7.49 Version: 7.53 Version: 7.77 Version: 7.81 Version: 7.85 Version: 7.86 Version: 7.87 Version: 7.88 Version: KRNL64NUC 7.22 Version: 7.22EXT Version: KRNL64UC 7.22 Version: SAPHOSTAGENT 7.22 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3158619"
},
{
"name": "20220915 SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP SAPControl Web Service Interface (sapuxuserchk)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Sep/18"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "KERNEL 7.22"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.81"
},
{
"status": "affected",
"version": "7.85"
},
{
"status": "affected",
"version": "7.86"
},
{
"status": "affected",
"version": "7.87"
},
{
"status": "affected",
"version": "7.88"
},
{
"status": "affected",
"version": "KRNL64NUC 7.22"
},
{
"status": "affected",
"version": "7.22EXT"
},
{
"status": "affected",
"version": "KRNL64UC 7.22"
},
{
"status": "affected",
"version": "SAPHOSTAGENT 7.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T15:06:19",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3158619"
},
{
"name": "20220915 SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP SAPControl Web Service Interface (sapuxuserchk)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Sep/18"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-29614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP, AS Java, ABAP Platform and HANA Database",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "KERNEL 7.22"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
},
{
"version_affected": "=",
"version_value": "7.77"
},
{
"version_affected": "=",
"version_value": "7.81"
},
{
"version_affected": "=",
"version_value": "7.85"
},
{
"version_affected": "=",
"version_value": "7.86"
},
{
"version_affected": "=",
"version_value": "7.87"
},
{
"version_affected": "=",
"version_value": "7.88"
},
{
"version_affected": "=",
"version_value": "KRNL64NUC 7.22"
},
{
"version_affected": "=",
"version_value": "7.22EXT"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "KRNL64UC 7.22"
},
{
"version_affected": "=",
"version_value": "7.22EXT"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
},
{
"version_affected": "=",
"version_value": "SAPHOSTAGENT 7.22"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3158619",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3158619"
},
{
"name": "20220915 SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP SAPControl Web Service Interface (sapuxuserchk)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Sep/18"
},
{
"name": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-29614",
"datePublished": "2022-06-14T18:27:16",
"dateReserved": "2022-04-25T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40496
Vulnerability from cvelistv5
Published
2021-10-12 14:03
Modified
2024-08-04 02:44
Severity ?
EPSS score ?
Summary
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3087254 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver AS ABAP and ABAP Platform |
Version: < 700 Version: < 701 Version: < 702 Version: < 730 Version: < 731 Version: < 740 Version: < 750 Version: < 751 Version: < 752 Version: < 753 Version: < 754 Version: < 755 Version: < 756 Version: < 785 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3087254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver AS ABAP and ABAP Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 700"
},
{
"status": "affected",
"version": "\u003c 701"
},
{
"status": "affected",
"version": "\u003c 702"
},
{
"status": "affected",
"version": "\u003c 730"
},
{
"status": "affected",
"version": "\u003c 731"
},
{
"status": "affected",
"version": "\u003c 740"
},
{
"status": "affected",
"version": "\u003c 750"
},
{
"status": "affected",
"version": "\u003c 751"
},
{
"status": "affected",
"version": "\u003c 752"
},
{
"status": "affected",
"version": "\u003c 753"
},
{
"status": "affected",
"version": "\u003c 754"
},
{
"status": "affected",
"version": "\u003c 755"
},
{
"status": "affected",
"version": "\u003c 756"
},
{
"status": "affected",
"version": "\u003c 785"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T14:03:51",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3087254"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-40496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "700"
},
{
"version_name": "\u003c",
"version_value": "701"
},
{
"version_name": "\u003c",
"version_value": "702"
},
{
"version_name": "\u003c",
"version_value": "730"
},
{
"version_name": "\u003c",
"version_value": "731"
},
{
"version_name": "\u003c",
"version_value": "740"
},
{
"version_name": "\u003c",
"version_value": "750"
},
{
"version_name": "\u003c",
"version_value": "751"
},
{
"version_name": "\u003c",
"version_value": "752"
},
{
"version_name": "\u003c",
"version_value": "753"
},
{
"version_name": "\u003c",
"version_value": "754"
},
{
"version_name": "\u003c",
"version_value": "755"
},
{
"version_name": "\u003c",
"version_value": "756"
},
{
"version_name": "\u003c",
"version_value": "785"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3087254",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3087254"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-40496",
"datePublished": "2021-10-12T14:03:51",
"dateReserved": "2021-09-03T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-4341
Vulnerability from cvelistv5
Published
2012-08-15 21:00
Modified
2024-09-17 00:10
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
References
| ▼ | URL | Tags |
|---|---|---|
| https://service.sap.com/sap/support/notes/1649838 | x_refsource_MISC | |
| http://www.zerodayinitiative.com/advisories/ZDI-12-112/ | x_refsource_MISC | |
| http://secunia.com/advisories/49744 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.zerodayinitiative.com/advisories/ZDI-12-104/ | x_refsource_MISC | |
| http://scn.sap.com/docs/DOC-8218 | x_refsource_CONFIRM | |
| https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840 | x_refsource_MISC | |
| http://www.securitytracker.com/id?1027211 | vdb-entry, x_refsource_SECTRACK | |
| http://www.zerodayinitiative.com/advisories/ZDI-12-111/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://service.sap.com/sap/support/notes/1649838"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-112/"
},
{
"name": "49744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49744"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-104/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
},
{
"name": "1027211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027211"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-111/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-15T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://service.sap.com/sap/support/notes/1649838"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-112/"
},
{
"name": "49744",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49744"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-104/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
},
{
"name": "1027211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027211"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-111/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://service.sap.com/sap/support/notes/1649838",
"refsource": "MISC",
"url": "https://service.sap.com/sap/support/notes/1649838"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-12-112/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-112/"
},
{
"name": "49744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49744"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-12-104/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-104/"
},
{
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"name": "https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840",
"refsource": "MISC",
"url": "https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
},
{
"name": "1027211",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027211"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-12-111/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-111/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4341",
"datePublished": "2012-08-15T21:00:00Z",
"dateReserved": "2012-08-15T00:00:00Z",
"dateUpdated": "2024-09-17T00:10:48.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29612
Vulnerability from cvelistv5
Published
2022-06-14 16:59
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/3194674 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP SE | SAP NetWeaver, ABAP Platform and SAP Host Agent |
Version: KERNEL 7.22 Version: 7.49 Version: 7.53 Version: 7.77 Version: 7.81 Version: 7.85 Version: 7.86 Version: 7.87 Version: 7.88 Version: 8.04 Version: KRNL64NUC 7.22 Version: 7.22EXT Version: KRNL64UC 7.22 Version: SAPHOSTAGENT 7.22 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:06.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3194674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP NetWeaver, ABAP Platform and SAP Host Agent",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "KERNEL 7.22"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.81"
},
{
"status": "affected",
"version": "7.85"
},
{
"status": "affected",
"version": "7.86"
},
{
"status": "affected",
"version": "7.87"
},
{
"status": "affected",
"version": "7.88"
},
{
"status": "affected",
"version": "8.04"
},
{
"status": "affected",
"version": "KRNL64NUC 7.22"
},
{
"status": "affected",
"version": "7.22EXT"
},
{
"status": "affected",
"version": "KRNL64UC 7.22"
},
{
"status": "affected",
"version": "SAPHOSTAGENT 7.22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T16:59:05",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3194674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-29612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver, ABAP Platform and SAP Host Agent",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "KERNEL 7.22"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
},
{
"version_affected": "=",
"version_value": "7.77"
},
{
"version_affected": "=",
"version_value": "7.81"
},
{
"version_affected": "=",
"version_value": "7.85"
},
{
"version_affected": "=",
"version_value": "7.86"
},
{
"version_affected": "=",
"version_value": "7.87"
},
{
"version_affected": "=",
"version_value": "7.88"
},
{
"version_affected": "=",
"version_value": "8.04"
},
{
"version_affected": "=",
"version_value": "KRNL64NUC 7.22"
},
{
"version_affected": "=",
"version_value": "7.22EXT"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "KRNL64UC 7.22"
},
{
"version_affected": "=",
"version_value": "7.22EXT"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
},
{
"version_affected": "=",
"version_value": "8.04"
},
{
"version_affected": "=",
"version_value": "SAPHOSTAGENT 7.22"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3194674",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3194674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-29612",
"datePublished": "2022-06-14T16:59:05",
"dateReserved": "2022-04-25T00:00:00",
"dateUpdated": "2024-08-03T06:26:06.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-04-12 17:15
Modified
2024-11-21 06:56
Severity ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3165333 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3165333 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 787 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:787:*:*:*:*:*:*:*",
"matchCriteriaId": "1B51B8C9-7FAB-4252-8F80-25715209166C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information."
},
{
"lang": "es",
"value": "SAP NetWeaver ABAP Server y ABAP Platform - versiones 740, 750, 787, permite a un atacante no autenticado redirigir a usuarios a un sitio malicioso debido a la insuficiente comprobaci\u00f3n de la URL. Esto podr\u00eda conllevar a que el usuario fuera enga\u00f1ado para divulgar informaci\u00f3n personal"
}
],
"id": "CVE-2022-28215",
"lastModified": "2024-11-21T06:56:57.883",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-12T17:15:10.580",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3165333"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3165333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-12 15:15
Modified
2024-11-21 06:16
Severity ?
Summary
The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3097887 | Permissions Required | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3097887 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 700 | |
| sap | netweaver_abap | 701 | |
| sap | netweaver_abap | 702 | |
| sap | netweaver_abap | 710 | |
| sap | netweaver_abap | 730 | |
| sap | netweaver_abap | 731 | |
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 751 | |
| sap | netweaver_abap | 752 | |
| sap | netweaver_abap | 753 | |
| sap | netweaver_abap | 754 | |
| sap | netweaver_abap | 755 | |
| sap | netweaver_abap | 756 | |
| sap | netweaver_application_server_abap | 700 | |
| sap | netweaver_application_server_abap | 701 | |
| sap | netweaver_application_server_abap | 702 | |
| sap | netweaver_application_server_abap | 710 | |
| sap | netweaver_application_server_abap | 730 | |
| sap | netweaver_application_server_abap | 731 | |
| sap | netweaver_application_server_abap | 740 | |
| sap | netweaver_application_server_abap | 750 | |
| sap | netweaver_application_server_abap | 751 | |
| sap | netweaver_application_server_abap | 752 | |
| sap | netweaver_application_server_abap | 753 | |
| sap | netweaver_application_server_abap | 754 | |
| sap | netweaver_application_server_abap | 755 | |
| sap | netweaver_application_server_abap | 756 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:710:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE9B3CD-097D-4B66-8070-A46170736A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, enables a malicious user to transfer ABAP code artifacts or content, by-passing the established quality gates. By this vulnerability malicious code can reach quality and production, and can compromise the confidentiality, integrity, and availability of the system and its data."
},
{
"lang": "es",
"value": "El sistema de log\u00edstica de software de SAP NetWeaver AS ABAP y ABAP Platform versiones - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, permite a un usuario malicioso transferir artefactos o contenido de c\u00f3digo ABAP, omitiendo las puertas de calidad establecidas. Mediante esta vulnerabilidad el c\u00f3digo malicioso puede llegar a calidad y producci\u00f3n, y puede comprometer la confidencialidad, integridad y disponibilidad del sistema y sus datos"
}
],
"id": "CVE-2021-38178",
"lastModified": "2024-11-21T06:16:34.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T15:15:08.477",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3097887"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3097887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-13 04:15
Modified
2024-09-12 14:39
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Summary
Due to the missing authorization checks in the
local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application
Server (ABAP and Java), and SAP Content Server can impersonate other users and
may perform some unintended actions. This could lead to a low impact on
confidentiality and a high impact on the integrity and availability of the
applications.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://me.sap.com/notes/3438085 | Permissions Required | |
| cna@sap.com | https://url.sap/sapsecuritypatchday | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3C3F09-14C5-4E8C-93B4-40F444F3B9F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "6F567192-ED9A-47B9-A386-0A83AB64948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "86C349D7-8F6C-42F4-9B8B-A7E0008FB3A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "A548E7E7-EAB0-40B7-89BD-F7682F76FD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "B3532BC5-507D-4517-A017-19E2B95A8FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DB3FCF-F720-4DA5-AF2D-D0E3B1F2297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "7109185C-385B-451E-AD63-BC09BD06B1F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "D30D9CA9-4704-4CEA-AC05-C501ED5AAFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDEDE97-D538-4899-BEC0-0A1AF88283F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "A80E509A-4262-41F0-92B4-1A3639F4B80D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "016D047B-F45A-4357-865F-75C6EB392FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:kernel_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA04598-FB33-4DF1-A5B1-1433FB7BCA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D41AD192-F087-441A-B875-3626AD1142F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8A21AA-F5E0-4332-9654-DABDCA0C5363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "D31F22F6-7C40-4FDB-A8CE-EF63E9E7B220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "4CABDDC7-44AF-4F15-BEB0-C60EFE732B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_java:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "F373984D-DB7D-4FA8-B8B1-DA9F55B4CDE3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4E320D-178F-4F08-A9F6-8244148768EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "414F67F4-A294-4097-B6E1-7FBBDEDB8AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0EDBD6-7716-4521-8E98-392DA6C6D7E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "36362B65-8434-404C-AAE6-D778E533B1DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF1E060-A7ED-4ED3-A514-FCDE6EE52C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "598F9F0F-82C7-4199-8E86-65D8D6FC2BA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:kernel_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "FA38CCCD-9003-4A64-8646-66C4719C366F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4003CF-11F3-4BF6-B976-37DC0BB5F881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "70C658C4-2571-4C71-A4CA-82AA6A4E7259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B0052599-8162-44D5-B7B6-72C3DD621DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "E09C7350-983D-4D9D-B0EA-E1D9262EF6C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:content_server:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "4191B6B2-EC7E-460E-A98F-A239AF022454",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E1A535-8362-454E-AC22-85C4E957CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E4BC89-114A-4EA3-A9E8-D956A26BCB18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "65A5FFAC-93F9-4204-9FA1-4D749D443173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "E0098E57-6A7F-4CC6-8109-E2400E0FFFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "E7ABB030-9A13-4194-A2A4-9623B2F22D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "DB22EAAE-F75C-4902-9734-52B048D5D7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:kernel_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "30459CD4-451D-4C3D-8FE2-17552F83D7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA8BFCF-0A55-4DEE-B426-1DEF04DA0464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "54AE89EF-E64B-43C5-B9C2-8F41ACCD3482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "52C58E1D-8A91-451C-A1E1-85BE336DC763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "89262244-880C-41CB-A904-3B06D3A73460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8CD933-E217-445A-B244-C07625F9EE74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.22_ext:*:*:*:*:*:*:*",
"matchCriteriaId": "715F51D3-00BA-4512-A8E4-FE32F4B176F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "5481831F-91CC-49DD-A54B-277A6E6D22AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "F04B311B-7FCC-421E-BF3C-8D020245F83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "44FA685E-8C00-45E0-AC72-C21EA1DD66FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "3905B636-9BD2-4D27-8CE8-35135F98B7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.89:*:*:*:*:*:*:*",
"matchCriteriaId": "F7B0AEE9-CD7F-47D5-8F3C-08E1BEE9E820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:web_dispatcher:webdisp_7.93:*:*:*:*:*:*:*",
"matchCriteriaId": "C04CED5F-79E6-410C-8BA4-2F202810576A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to the missing authorization checks in the\nlocal systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application\nServer (ABAP and Java), and SAP Content Server can impersonate other users and\nmay perform some unintended actions. This could lead to a low impact on\nconfidentiality and a high impact on the integrity and availability of the\napplications."
},
{
"lang": "es",
"value": "Debido a la falta de comprobaciones de autorizaci\u00f3n en los sistemas locales, los usuarios administradores de SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP y Java) y SAP Content Server pueden hacerse pasar por otros usuarios y realizar algunas acciones no deseadas. Esto podr\u00eda tener un impacto bajo en la confidencialidad y un impacto alto en la integridad y disponibilidad de las aplicaciones."
}
],
"id": "CVE-2024-33005",
"lastModified": "2024-09-12T14:39:03.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.5,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-13T04:15:07.740",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://me.sap.com/notes/3438085"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://url.sap/sapsecuritypatchday"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-15 21:55
Modified
2024-11-21 01:42
Severity ?
Summary
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 7.0 | |
| sap | netweaver_abap | 7.02 | |
| sap | netweaver_abap | 7.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "275357FA-17BB-4A24-9183-7241C11849BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.02:sp6:*:*:*:*:*:*",
"matchCriteriaId": "04C98683-3E6B-4EA6-AB88-6230B28E58B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.03:sp4:*:*:*:*:*:*",
"matchCriteriaId": "3973E217-F080-45B5-9126-5118630B6A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer basado en pila, en msg_server.exe en SAP NetWeaver ABAP v7.x permite a atacantes remotos causar una denegaci\u00f3n de servicio (crash) y ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) un valor grande en un par\u00e1metro, (2) un campo de cadena manipulado, o (3) una cadena larga como nombre de par\u00e1metro en un paquete con (opcode) 0x43 y (sub opcode 0x4) a un puerto TCP 3900."
}
],
"id": "CVE-2012-4341",
"lastModified": "2024-11-21T01:42:42.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-15T21:55:05.353",
"references": [
{
"source": "cve@mitre.org",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49744"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1027211"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-104/"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-111/"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-112/"
},
{
"source": "cve@mitre.org",
"url": "https://service.sap.com/sap/support/notes/1649838"
},
{
"source": "cve@mitre.org",
"url": "https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-104/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-111/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-112/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://service.sap.com/sap/support/notes/1649838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://websmp230.sap-ag.de/sap%28bD1lbiZjPTAwMQ==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-14 12:15
Modified
2024-11-21 06:09
Severity ?
Summary
SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3032624 | Permissions Required | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3032624 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 7.21 | |
| sap | netweaver_abap | 7.21ext | |
| sap | netweaver_abap | 7.22 | |
| sap | netweaver_abap | 7.22ext | |
| sap | netweaver_abap | 7.49 | |
| sap | netweaver_abap | 7.53 | |
| sap | netweaver_abap | 7.77 | |
| sap | netweaver_abap | 7.81 | |
| sap | netweaver_abap | kernel_8.04 | |
| sap | netweaver_abap | krnl32nuc_7.21 | |
| sap | netweaver_abap | krnl32uc_7.21 | |
| sap | netweaver_abap | krnl64nuc_7.21 | |
| sap | netweaver_abap | krnl64uc_8.04 | |
| sap | netweaver_application_server_abap | 7.21 | |
| sap | netweaver_application_server_abap | 7.21ext | |
| sap | netweaver_application_server_abap | 7.22 | |
| sap | netweaver_application_server_abap | 7.22ext | |
| sap | netweaver_application_server_abap | 7.49 | |
| sap | netweaver_application_server_abap | 7.53 | |
| sap | netweaver_application_server_abap | 7.77 | |
| sap | netweaver_application_server_abap | 7.81 | |
| sap | netweaver_application_server_abap | kernel_8.04 | |
| sap | netweaver_application_server_abap | krnl32nuc_7.21 | |
| sap | netweaver_application_server_abap | krnl32uc_7.21 | |
| sap | netweaver_application_server_abap | krnl64nuc_7.21 | |
| sap | netweaver_application_server_abap | krnl64uc_8.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A46A215F-D013-4E5D-B597-EEE7FD65C27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "125D552D-24DF-4BE6-9DA6-55177DFA6ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBA8C16-AD2E-4046-A22D-B8AB2A38DAD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "A701B328-CC8D-4F10-8CDB-47883CAAC116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "699E6EA8-1AA9-4C0E-A373-7E2F93E2F861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "8A748DC7-E701-4E5B-9918-5CA6D7F52899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "9E438D5E-F211-4361-AC2D-E86A7CE88026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:*",
"matchCriteriaId": "87B7FA96-2BA0-4328-8C97-31129E72D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA319BA-6236-4D24-B6D4-1F8159944002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32uc_7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "4C568E18-9F51-47C4-B190-75E2ADF9981C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "C318C2FD-3521-4DA9-8934-693D3DFC137E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F36D87C9-12A9-4D37-9BBB-E22D8A054341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1D3FB7-DE15-4F23-908F-DDEAAB3C577C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "16B3C589-DF11-459D-8A3F-1A1FD2265022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "9FBC5614-7C3F-4AD8-8640-0499B8B03C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9E8CB869-C342-4362-9A4A-298F0B5F4003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "89E7439E-F4D6-45EA-99FC-C9B34D4D590E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.81:*:*:*:*:*:*:*",
"matchCriteriaId": "252DCEF2-8DDF-467F-8869-B69A0A3426F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "379FDFC8-947E-4D09-A9DD-4B3F7481F648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32nuc_7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3C05E4-BD11-4E9C-8476-70AF2A236056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl32uc_7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "674E3638-1270-4AEA-ABA3-8CD116FFEE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "94631E8C-631B-4972-A30F-BA93E58005B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "88CD861F-08FB-4CE1-923C-79D1480A2259",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."
},
{
"lang": "es",
"value": "SAP NetWeaver AS ABAP y ABAP Platform, versiones - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7. 53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, permite a un atacante enviar contenido excesivamente largo en el tipo de petici\u00f3n RFC, bloqueando as\u00ed el proceso de trabajo correspondiente debido a una vulnerabilidad de corrupci\u00f3n de memoria. El proceso de trabajo intentar\u00e1 reiniciarse por s\u00ed mismo despu\u00e9s del bloqueo y, por lo tanto, el impacto en la disponibilidad es bajo"
}
],
"id": "CVE-2021-33684",
"lastModified": "2024-11-21T06:09:21.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T12:15:09.497",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3032624"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3032624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "cna@sap.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-16 19:55
Modified
2024-11-21 02:18
Severity ?
Summary
Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 7.31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "B248747A-4BFB-4A7D-8F98-DB7568C2023F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function."
},
{
"lang": "es",
"value": "Business Warehouse (BW) en SAP Netweaver AS ABAP 7.31 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de peticiones a la funci\u00f3n RFC RSDU_CCMS_GET_PROFILE_PARAM."
}
],
"evaluatorComment": "Improper Authorization (CWE-285)",
"id": "CVE-2014-8312",
"lastModified": "2024-11-21T02:18:50.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-16T19:55:19.990",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2014/Oct/38"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61101"
},
{
"source": "cve@mitre.org",
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/533645/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/70292"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96877"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://service.sap.com/sap/support/notes/1967780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2014/Oct/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533645/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://service.sap.com/sap/support/notes/1967780"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-14 12:15
Modified
2024-11-21 06:09
Severity ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3044754 | Permissions Required | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3044754 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 700 | |
| sap | netweaver_abap | 702 | |
| sap | netweaver_abap | 730 | |
| sap | netweaver_abap | 731 | |
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 784 | |
| sap | netweaver_abap | 804 | |
| sap | netweaver_application_server_abap | 700 | |
| sap | netweaver_application_server_abap | 702 | |
| sap | netweaver_application_server_abap | 730 | |
| sap | netweaver_application_server_abap | 731 | |
| sap | netweaver_application_server_abap | 740 | |
| sap | netweaver_application_server_abap | 750 | |
| sap | netweaver_application_server_abap | 784 | |
| sap | netweaver_application_server_abap | 804 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:784:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9CF5F7-EA03-41C4-9BF9-F3FC28F4EE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:804:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFD3BCC-9B3E-49F2-B469-C465381303B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:784:*:*:*:*:*:*:*",
"matchCriteriaId": "E968B8C6-B6A4-4BCC-9233-E6AA7D354709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:804:*:*:*:*:*:*:*",
"matchCriteriaId": "2132C1C0-AD61-4C85-BA07-523206815A4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure."
},
{
"lang": "es",
"value": "El servidor ABAP de SAP NetWeaver y la Plataforma ABAP, versiones - 700, 702, 730, 731, 804, 740, 750, 784, expone funciones al exterior que pueden conllevar a una divulgaci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2021-33677",
"lastModified": "2024-11-21T06:09:20.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T12:15:08.340",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3044754"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3044754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-09 23:15
Modified
2024-11-21 06:46
Severity ?
Summary
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3128473 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3128473 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 700 | |
| sap | netweaver_abap | 701 | |
| sap | netweaver_abap | 702 | |
| sap | netweaver_abap | 710 | |
| sap | netweaver_abap | 711 | |
| sap | netweaver_abap | 730 | |
| sap | netweaver_abap | 731 | |
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 751 | |
| sap | netweaver_abap | 752 | |
| sap | netweaver_abap | 753 | |
| sap | netweaver_abap | 754 | |
| sap | netweaver_abap | 755 | |
| sap | netweaver_abap | 756 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:710:*:*:*:*:*:*:*",
"matchCriteriaId": "FFE9B3CD-097D-4B66-8070-A46170736A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:711:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD9BF3E-56CB-4387-AE46-6BCBCE2F5DE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756."
},
{
"lang": "es",
"value": "Un usuario con altos privilegios que tenga acceso a la transacci\u00f3n SM59 puede leer los detalles de conexi\u00f3n almacenados con el destino de las llamadas http en SAP NetWeaver Application Server ABAP y ABAP Platform - versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756"
}
],
"id": "CVE-2022-22545",
"lastModified": "2024-11-21T06:46:59.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-09T23:15:19.003",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3128473"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3128473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-14 20:15
Modified
2024-11-21 06:27
Severity ?
Summary
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3112710 | Permissions Required | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3112710 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 701 | |
| sap | netweaver_abap | 702 | |
| sap | netweaver_abap | 711 | |
| sap | netweaver_abap | 730 | |
| sap | netweaver_abap | 731 | |
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 751 | |
| sap | netweaver_abap | 752 | |
| sap | netweaver_abap | 753 | |
| sap | netweaver_abap | 754 | |
| sap | netweaver_abap | 755 | |
| sap | netweaver_abap | 756 | |
| sap | netweaver_abap | 786 | |
| sap | netweaver_application_server_abap | 701 | |
| sap | netweaver_application_server_abap | 702 | |
| sap | netweaver_application_server_abap | 711 | |
| sap | netweaver_application_server_abap | 730 | |
| sap | netweaver_application_server_abap | 731 | |
| sap | netweaver_application_server_abap | 740 | |
| sap | netweaver_application_server_abap | 750 | |
| sap | netweaver_application_server_abap | 751 | |
| sap | netweaver_application_server_abap | 752 | |
| sap | netweaver_application_server_abap | 753 | |
| sap | netweaver_application_server_abap | 754 | |
| sap | netweaver_application_server_abap | 755 | |
| sap | netweaver_application_server_abap | 756 | |
| sap | netweaver_application_server_abap | 786 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:711:*:*:*:*:*:*:*",
"matchCriteriaId": "0AD9BF3E-56CB-4387-AE46-6BCBCE2F5DE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:786:*:*:*:*:*:*:*",
"matchCriteriaId": "1D34F34D-222B-4B1F-804C-87EB54642F72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*",
"matchCriteriaId": "17847B21-8BE6-4359-913B-B6592D37C655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:786:*:*:*:*:*:*:*",
"matchCriteriaId": "9282EF83-AB34-452F-A270-A0C8090AF2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible."
},
{
"lang": "es",
"value": "En SAP NetWeaver AS for ABAP y ABAP Platform - versiones 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, un atacante autenticado como usuario normal puede usar el cuadro de mandos de S/4 Hana para revelar sistemas y servicios que normalmente no se le permitir\u00eda ver. No es posible la alteraci\u00f3n de la informaci\u00f3n ni la denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-42067",
"lastModified": "2024-11-21T06:27:10.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-14T20:15:11.813",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3112710"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3112710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3020209 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3020209 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | kernel_7.22 | |
| sap | netweaver_abap | kernel_7.49 | |
| sap | netweaver_abap | kernel_7.53 | |
| sap | netweaver_abap | kernel_7.73 | |
| sap | netweaver_abap | kernel_8.04 | |
| sap | netweaver_abap | krnl32nuc_7.22 | |
| sap | netweaver_abap | krnl32nuc_7.22ext | |
| sap | netweaver_abap | krnl64nuc_7.22 | |
| sap | netweaver_abap | krnl64nuc_7.22ext | |
| sap | netweaver_abap | krnl64nuc_7.49 | |
| sap | netweaver_abap | krnl64uc_7.22 | |
| sap | netweaver_abap | krnl64uc_7.22ext | |
| sap | netweaver_abap | krnl64uc_7.49 | |
| sap | netweaver_abap | krnl64uc_7.53 | |
| sap | netweaver_abap | krnl64uc_7.73 | |
| sap | netweaver_abap | krnl64uc_8.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EC1AB0-FB0D-4CBC-817B-E1F662D34064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7D450E-A178-4335-8095-0BC4DC28E016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "03D70EE2-E1A5-45C6-BB39-D88EF4D1C85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "603AADB8-7BD0-4911-9DB7-DCAA37DEF2E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9452E7-8B06-4B3B-870A-2A92103CD9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8C810D-73E8-4428-8622-B909F5B7DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
},
{
"lang": "es",
"value": "SAP NetWeaver AS para ABAP (RFC Gateway), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49 , 7.53,7.73,7.77,7.81,7.82,7.83, permite a un atacante no autenticado sin conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de entrada en el m\u00e9todo memmove( ) causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado"
}
],
"id": "CVE-2021-27597",
"lastModified": "2024-11-21T05:58:15.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-09T14:15:08.043",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3020209"
},
{
"source": "cna@sap.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3020209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "cna@sap.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-12 15:15
Modified
2024-11-21 06:24
Severity ?
Summary
There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3099011 | Permissions Required | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3099011 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 751 | |
| sap | netweaver_abap | 752 | |
| sap | netweaver_abap | 753 | |
| sap | netweaver_abap | 754 | |
| sap | netweaver_abap | 755 | |
| sap | netweaver_application_server_abap | 740 | |
| sap | netweaver_application_server_abap | 750 | |
| sap | netweaver_application_server_abap | 751 | |
| sap | netweaver_application_server_abap | 752 | |
| sap | netweaver_application_server_abap | 753 | |
| sap | netweaver_application_server_abap | 754 | |
| sap | netweaver_application_server_abap | 755 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are multiple Denial-of Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform."
},
{
"lang": "es",
"value": "Se presentan m\u00faltiples vulnerabilidades de denegaci\u00f3n de servicio en SAP NetWeaver Application Server for ABAP y ABAP Platform - versiones 740, 750, 751, 752, 753, 754, 755. Un atacante no autorizado puede usar el servicio p\u00fablico SICF /sap/public/bc/abap para reducir el rendimiento de SAP NetWeaver Application Server ABAP y ABAP Platform"
}
],
"id": "CVE-2021-40495",
"lastModified": "2024-11-21T06:24:15.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T15:15:09.127",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3099011"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3099011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3020209 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3020209 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | kernel_7.22 | |
| sap | netweaver_abap | kernel_7.49 | |
| sap | netweaver_abap | kernel_7.53 | |
| sap | netweaver_abap | kernel_7.73 | |
| sap | netweaver_abap | kernel_8.04 | |
| sap | netweaver_abap | krnl32nuc_7.22 | |
| sap | netweaver_abap | krnl32nuc_7.22ext | |
| sap | netweaver_abap | krnl64nuc_7.22 | |
| sap | netweaver_abap | krnl64nuc_7.22ext | |
| sap | netweaver_abap | krnl64nuc_7.49 | |
| sap | netweaver_abap | krnl64uc_7.22 | |
| sap | netweaver_abap | krnl64uc_7.22ext | |
| sap | netweaver_abap | krnl64uc_7.49 | |
| sap | netweaver_abap | krnl64uc_7.53 | |
| sap | netweaver_abap | krnl64uc_7.73 | |
| sap | netweaver_abap | krnl64uc_8.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EC1AB0-FB0D-4CBC-817B-E1F662D34064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7D450E-A178-4335-8095-0BC4DC28E016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "03D70EE2-E1A5-45C6-BB39-D88EF4D1C85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "603AADB8-7BD0-4911-9DB7-DCAA37DEF2E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9452E7-8B06-4B3B-870A-2A92103CD9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8C810D-73E8-4428-8622-B909F5B7DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCPIC() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
},
{
"lang": "es",
"value": "SAP NetWeaver AS para ABAP (RFC Gateway), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49 , 7.53,7.73,7.77,7.81,7.82,7.83, permite a un atacante no autenticado sin conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de entrada en el m\u00e9todo ThCPIC() causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado"
}
],
"id": "CVE-2021-27633",
"lastModified": "2024-11-21T05:58:20.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-09T14:15:09.320",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3020209"
},
{
"source": "cna@sap.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3020209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "cna@sap.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-12 15:15
Modified
2024-11-21 06:24
Severity ?
Summary
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3087254 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3087254 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 700 | |
| sap | netweaver_abap | 701 | |
| sap | netweaver_abap | 702 | |
| sap | netweaver_abap | 730 | |
| sap | netweaver_abap | 731 | |
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 751 | |
| sap | netweaver_abap | 752 | |
| sap | netweaver_abap | 753 | |
| sap | netweaver_abap | 754 | |
| sap | netweaver_abap | 755 | |
| sap | netweaver_abap | 756 | |
| sap | netweaver_abap | 785 | |
| sap | netweaver_application_server_abap | 700 | |
| sap | netweaver_application_server_abap | 701 | |
| sap | netweaver_application_server_abap | 702 | |
| sap | netweaver_application_server_abap | 730 | |
| sap | netweaver_application_server_abap | 731 | |
| sap | netweaver_application_server_abap | 740 | |
| sap | netweaver_application_server_abap | 750 | |
| sap | netweaver_application_server_abap | 751 | |
| sap | netweaver_application_server_abap | 752 | |
| sap | netweaver_application_server_abap | 753 | |
| sap | netweaver_application_server_abap | 754 | |
| sap | netweaver_application_server_abap | 755 | |
| sap | netweaver_application_server_abap | 756 | |
| sap | netweaver_application_server_abap | 785 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:785:*:*:*:*:*:*:*",
"matchCriteriaId": "76FF2082-3D69-41D9-AB86-F5E49D2485C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:785:*:*:*:*:*:*:*",
"matchCriteriaId": "EC94057A-D02A-4111-BC35-4CD49C68B73B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details."
},
{
"lang": "es",
"value": "SAP Internet Communication framework (ICM) - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, permite a un atacante con la funcionalidad logon, explotar la funci\u00f3n de autenticaci\u00f3n mediante el uso de POST y el campo form para repetir las ejecuciones del comando inicial mediante una petici\u00f3n GET y exponer datos confidenciales. Esta vulnerabilidad es normalmente expuesta a trav\u00e9s de la red y su explotaci\u00f3n con \u00e9xito puede conllevar a una exposici\u00f3n de datos como detalles del sistema"
}
],
"id": "CVE-2021-40496",
"lastModified": "2024-11-21T06:24:15.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T15:15:09.267",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3087254"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3087254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "cna@sap.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-12 16:29
Modified
2024-11-21 03:36
Severity ?
Summary
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/96900 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-using-cl_java_script/ | Broken Link, Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96900 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-using-cl_java_script/ | Broken Link, Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 7.40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "181F800E-64BC-4734-91B6-D74C955CFE1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841."
},
{
"lang": "es",
"value": "SAP NetWeaver AS ABAP versi\u00f3n 7.40 permite que los usuarios autenticados remotos con ciertos privilegios causen una denegaci\u00f3n de servicio (bloqueo del proceso) por medio de vectores que incluyen disp+work.exe, tambi\u00e9n se conoce como Nota de Seguridad de SAP 2406841."
}
],
"id": "CVE-2017-9843",
"lastModified": "2024-11-21T03:36:58.127",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-12T16:29:00.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96900"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-using-cl_java_script/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory"
],
"url": "https://erpscan.io/advisories/erpscan-17-010-sap-netweaver-abap-dispwork-crash-using-cl_java_script/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 17:15
Modified
2024-11-21 06:59
Severity ?
Summary
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3194674 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3194674 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | host_agent | 7.22 | |
| sap | netweaver_abap | kernel_7.22 | |
| sap | netweaver_abap | kernel_7.49 | |
| sap | netweaver_abap | kernel_7.53 | |
| sap | netweaver_abap | kernel_7.77 | |
| sap | netweaver_abap | kernel_7.81 | |
| sap | netweaver_abap | kernel_7.85 | |
| sap | netweaver_abap | kernel_7.86 | |
| sap | netweaver_abap | kernel_7.87 | |
| sap | netweaver_abap | kernel_7.88 | |
| sap | netweaver_abap | kernel_8.04 | |
| sap | netweaver_abap | krnl64nuc_7.22 | |
| sap | netweaver_abap | krnl64nuc_7.22ext | |
| sap | netweaver_abap | krnl64uc_7.22 | |
| sap | netweaver_abap | krnl64uc_7.22ext | |
| sap | netweaver_abap | krnl64uc_7.49 | |
| sap | netweaver_abap | krnl64uc_7.53 | |
| sap | netweaver_abap | krnl64uc_8.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "1E135017-1492-49F5-B3ED-F69D5476FB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "6F567192-ED9A-47B9-A386-0A83AB64948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*",
"matchCriteriaId": "AECEB43E-5E9C-4638-B7D8-29968AE1F4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "86C349D7-8F6C-42F4-9B8B-A7E0008FB3A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*",
"matchCriteriaId": "6606C14A-C9E6-4D4A-8E64-0699CBB15B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8C12AA-5635-4E29-A443-2A43A6BB0439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*",
"matchCriteriaId": "BD5FA276-9557-4E36-A37F-4B2A09703DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9452E7-8B06-4B3B-870A-2A92103CD9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application."
},
{
"lang": "es",
"value": "SAP NetWeaver, ABAP Platform y SAP Host Agent - versiones KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49 53, 8.04, SAPHOSTAGENT 7.22, permite a un usuario autenticado hacer un uso no debido de una funci\u00f3n de sapcontrol webfunctionality(startservice) en el Kernel que permite a usuarios maliciosos recuperar informaci\u00f3n. Si es explotado con \u00e9xito, un atacante puede obtener informaci\u00f3n t\u00e9cnica como el n\u00famero de sistema o la direcci\u00f3n f\u00edsica, que de otro modo est\u00e1 restringida, causando un impacto limitado en la confidencialidad de la aplicaci\u00f3n"
}
],
"id": "CVE-2022-29612",
"lastModified": "2024-11-21T06:59:25.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T17:15:08.230",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3194674"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3194674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3020209 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3020209 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | kernel_7.22 | |
| sap | netweaver_abap | kernel_7.49 | |
| sap | netweaver_abap | kernel_7.53 | |
| sap | netweaver_abap | kernel_7.73 | |
| sap | netweaver_abap | kernel_8.04 | |
| sap | netweaver_abap | krnl32nuc_7.22 | |
| sap | netweaver_abap | krnl32nuc_7.22ext | |
| sap | netweaver_abap | krnl64nuc_7.22 | |
| sap | netweaver_abap | krnl64nuc_7.22ext | |
| sap | netweaver_abap | krnl64nuc_7.49 | |
| sap | netweaver_abap | krnl64uc_7.22 | |
| sap | netweaver_abap | krnl64uc_7.22ext | |
| sap | netweaver_abap | krnl64uc_7.49 | |
| sap | netweaver_abap | krnl64uc_7.53 | |
| sap | netweaver_abap | krnl64uc_7.73 | |
| sap | netweaver_abap | krnl64uc_8.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EC1AB0-FB0D-4CBC-817B-E1F662D34064",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "7679B78A-CF53-42FA-8A96-319F13B40A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7D450E-A178-4335-8095-0BC4DC28E016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "03D70EE2-E1A5-45C6-BB39-D88EF4D1C85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "603AADB8-7BD0-4911-9DB7-DCAA37DEF2E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9452E7-8B06-4B3B-870A-2A92103CD9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "FE8C810D-73E8-4428-8622-B909F5B7DFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCEFFCC-4529-4A75-A146-C28A4CA80DC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThCpicDtCreate () causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
},
{
"lang": "es",
"value": "SAP NetWeaver AS para ABAP (RFC Gateway), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49 , 7.53,7.73,7.77,7.81,7.82,7.83, permite a un atacante no autenticado sin conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de entrada en el m\u00e9todo ThCpicDtCreate() causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado"
}
],
"id": "CVE-2021-27634",
"lastModified": "2024-11-21T05:58:20.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-09T14:15:09.390",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3020209"
},
{
"source": "cna@sap.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3020209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "cna@sap.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-22 16:59
Modified
2024-11-21 02:25
Severity ?
Summary
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8367C7C5-73A3-4A11-9862-EA560EB079E8",
"versionEndIncluding": "7.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638."
},
{
"lang": "es",
"value": "Vulnerabilidad de entidad externa XML en Extended Computer Aided Test Tool (eCATT) en SAP NetWeaver AS ABAP 7.31 y anteriores permite a atacantes remotos acceder a ficheros arbitrarios a trav\u00e9s de una solicitud XML manipulada, relacionado con ECATT_DISPLAY_XMLSTRING_REMOTE, tambi\u00e9n conocido como SAP Nota 2016638."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
"id": "CVE-2015-1309",
"lastModified": "2024-11-21T02:25:08.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-22T16:59:04.120",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62469"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-14 19:15
Modified
2024-11-21 06:59
Severity ?
Summary
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | host_agent | 7.22 | |
| sap | netweaver_abap | kernel_7.22 | |
| sap | netweaver_abap | kernel_7.49 | |
| sap | netweaver_abap | kernel_7.53 | |
| sap | netweaver_abap | kernel_7.77 | |
| sap | netweaver_abap | kernel_7.81 | |
| sap | netweaver_abap | kernel_7.85 | |
| sap | netweaver_abap | kernel_7.86 | |
| sap | netweaver_abap | kernel_7.87 | |
| sap | netweaver_abap | kernel_7.88 | |
| sap | netweaver_abap | krnl64nuc_7.22 | |
| sap | netweaver_abap | krnl64nuc_7.22ext | |
| sap | netweaver_abap | krnl64uc_7.22 | |
| sap | netweaver_abap | krnl64uc_7.22ext | |
| sap | netweaver_abap | krnl64uc_7.49 | |
| sap | netweaver_abap | krnl64uc_7.53 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:host_agent:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "1E135017-1492-49F5-B3ED-F69D5476FB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "816DBDA9-E4F1-476B-95B3-19758627E3A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "6B7DDF4E-F304-45E2-956B-7E6AA9EC03EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "E640D6CD-A1BA-46C5-B652-0A65F6FF17E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "6F567192-ED9A-47B9-A386-0A83AB64948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.81:*:*:*:*:*:*:*",
"matchCriteriaId": "AECEB43E-5E9C-4638-B7D8-29968AE1F4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "86C349D7-8F6C-42F4-9B8B-A7E0008FB3A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.86:*:*:*:*:*:*:*",
"matchCriteriaId": "6606C14A-C9E6-4D4A-8E64-0699CBB15B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.87:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8C12AA-5635-4E29-A443-2A43A6BB0439",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:kernel_7.88:*:*:*:*:*:*:*",
"matchCriteriaId": "BD5FA276-9557-4E36-A37F-4B2A09703DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "4673CFDB-C17D-437B-8FE8-F0EA5BA97831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "E415C122-70DF-478E-8493-4CF9E9AD934C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "FA5A9939-C663-4B52-97DB-64D80B40FB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9452E7-8B06-4B3B-870A-2A92103CD9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5C3E99-E68D-4CC2-8F9B-779406AE8B1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability."
},
{
"lang": "es",
"value": "SAP startservice - de SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform y HANA Database - versiones KERNEL versiones 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49 49, 7.53, SAPHOSTAGENT 7.22, - en los sistemas Unix, el programa de ayuda s-bit sapuxuserchk, puede ser abusado f\u00edsicamente resultando en una escalada de privilegios de un atacante que conlleva a un bajo impacto en la confidencialidad e integridad, pero un profundo impacto en la disponibilidad"
}
],
"id": "CVE-2022-29614",
"lastModified": "2024-11-21T06:59:26.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-14T19:15:07.427",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html"
},
{
"source": "cna@sap.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Sep/18"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3158619"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/168409/SAP-SAPControl-Web-Service-Interface-Local-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Sep/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3158619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "cna@sap.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-09 23:15
Modified
2024-11-21 06:46
Severity ?
Summary
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3116223 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3116223 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 7.22 | |
| sap | netweaver_abap | 7.22ext | |
| sap | netweaver_abap | 7.49 | |
| sap | netweaver_abap | 7.53 | |
| sap | netweaver_abap | 7.77 | |
| sap | netweaver_abap | 7.81 | |
| sap | netweaver_abap | 7.85 | |
| sap | netweaver_abap | 7.86 | |
| sap | netweaver_abap | 7.87 | |
| sap | netweaver_abap | 8.04 | |
| sap | netweaver_abap | krnl64nuc_7.22 | |
| sap | netweaver_abap | krnl64nuc_8.04 | |
| sap | netweaver_as_abap | 7.22 | |
| sap | netweaver_as_abap | 7.22ext | |
| sap | netweaver_as_abap | 7.49 | |
| sap | netweaver_as_abap | 7.53 | |
| sap | netweaver_as_abap | 7.77 | |
| sap | netweaver_as_abap | 7.81 | |
| sap | netweaver_as_abap | 7.85 | |
| sap | netweaver_as_abap | 7.86 | |
| sap | netweaver_as_abap | 7.87 | |
| sap | netweaver_as_abap | 8.04 | |
| sap | netweaver_as_abap | krnl64nuc_7.22 | |
| sap | netweaver_as_abap | krnl64nuc_8.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBA8C16-AD2E-4046-A22D-B8AB2A38DAD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "A701B328-CC8D-4F10-8CDB-47883CAAC116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "699E6EA8-1AA9-4C0E-A373-7E2F93E2F861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "8A748DC7-E701-4E5B-9918-5CA6D7F52899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "9E438D5E-F211-4361-AC2D-E86A7CE88026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:*",
"matchCriteriaId": "87B7FA96-2BA0-4328-8C97-31129E72D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD5DBA8-4181-41C4-86B2-02615CACA6C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.86:*:*:*:*:*:*:*",
"matchCriteriaId": "CA794E5E-8C20-4B3A-BF1C-6F9A127F19D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:7.87:*:*:*:*:*:*:*",
"matchCriteriaId": "1812ED28-5F27-4E43-88B5-55D0E37B4426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "5D271FC7-E8B0-4323-9254-9AB9FCE08544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "2B72A96D-9567-4A63-B336-A4FF44E55809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F6938B-667A-43C2-AF0E-42CD67B378B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "46CD1D25-308E-474A-8837-55A363FD2159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C4499C-FADC-4B8F-8FD6-489D040FC566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCEC8BE-F106-475F-BFCF-1D2EFB05DECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.77:*:*:*:*:*:*:*",
"matchCriteriaId": "B9756558-70CB-44A8-B1D4-496426B9A820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.81:*:*:*:*:*:*:*",
"matchCriteriaId": "370C6CD1-94C0-4639-8B63-01755B702F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.85:*:*:*:*:*:*:*",
"matchCriteriaId": "23AE7B69-8A79-4C2E-9C0A-52594F324E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.86:*:*:*:*:*:*:*",
"matchCriteriaId": "312D8ECD-195D-44C2-B040-C4D8BD088CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.87:*:*:*:*:*:*:*",
"matchCriteriaId": "A5719E2B-20F7-4FD7-B51E-87CC76FD94FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6F14E0EB-94CD-445C-BE80-97A27B11C3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A8D9F8-B501-450D-9632-320FBA5DFBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "2253203D-1B9E-4AFA-957E-EFF819502B35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected."
},
{
"lang": "es",
"value": "SAP NetWeaver Application Server for ABAP (Kernel) y ABAP Platform (Kernel) - versiones KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, no comprueba suficientemente la informaci\u00f3n de sap-passport, lo que podr\u00eda conllevar un ataque de Denegaci\u00f3n de Servicio. Esto permite a un usuario remoto no autorizado provocar un bloqueo del proceso de trabajo del SAP Web Dispatcher o del Kernel. El proceso colapsado puede reiniciarse inmediatamente, los dem\u00e1s procesos no est\u00e1n afectados"
}
],
"id": "CVE-2022-22543",
"lastModified": "2024-11-21T06:46:59.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-09T23:15:18.913",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3116223"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3116223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-16 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3007182 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3007182 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 700 | |
| sap | netweaver_abap | 701 | |
| sap | netweaver_abap | 702 | |
| sap | netweaver_abap | 731 | |
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 751 | |
| sap | netweaver_abap | 752 | |
| sap | netweaver_abap | 753 | |
| sap | netweaver_abap | 754 | |
| sap | netweaver_abap | 755 | |
| sap | netweaver_abap | 804 | |
| sap | netweaver_application_server_abap | 700 | |
| sap | netweaver_application_server_abap | 701 | |
| sap | netweaver_application_server_abap | 702 | |
| sap | netweaver_application_server_abap | 731 | |
| sap | netweaver_application_server_abap | 740 | |
| sap | netweaver_application_server_abap | 750 | |
| sap | netweaver_application_server_abap | 751 | |
| sap | netweaver_application_server_abap | 752 | |
| sap | netweaver_application_server_abap | 753 | |
| sap | netweaver_application_server_abap | 754 | |
| sap | netweaver_application_server_abap | 755 | |
| sap | netweaver_application_server_abap | 804 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:804:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFD3BCC-9B3E-49F2-B469-C465381303B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:804:*:*:*:*:*:*:*",
"matchCriteriaId": "2132C1C0-AD61-4C85-BA07-523206815A4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system."
},
{
"lang": "es",
"value": "SAP NetWeaver ABAP Server y ABAP Platform, versiones - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, no crea informaci\u00f3n sobre el usuario RFC interno y externo en un formato consistente y distinguible, lo que podr\u00eda conllevar a una autenticaci\u00f3n inapropiada y podr\u00eda ser explotado por usuarios maliciosos para obtener acceso ileg\u00edtimo al sistema"
}
],
"id": "CVE-2021-27610",
"lastModified": "2024-11-21T05:58:17.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "cna@sap.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-16T15:15:08.363",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3007182"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/3007182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-12 15:15
Modified
2024-11-21 06:16
Severity ?
Summary
SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3080710 | Permissions Required | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3080710 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | netweaver_abap | 700 | |
| sap | netweaver_abap | 701 | |
| sap | netweaver_abap | 702 | |
| sap | netweaver_abap | 730 | |
| sap | netweaver_abap | 731 | |
| sap | netweaver_abap | 740 | |
| sap | netweaver_abap | 750 | |
| sap | netweaver_abap | 751 | |
| sap | netweaver_abap | 752 | |
| sap | netweaver_abap | 753 | |
| sap | netweaver_abap | 754 | |
| sap | netweaver_abap | 755 | |
| sap | netweaver_abap | 756 | |
| sap | netweaver_application_server_abap | 700 | |
| sap | netweaver_application_server_abap | 701 | |
| sap | netweaver_application_server_abap | 702 | |
| sap | netweaver_application_server_abap | 730 | |
| sap | netweaver_application_server_abap | 731 | |
| sap | netweaver_application_server_abap | 740 | |
| sap | netweaver_application_server_abap | 750 | |
| sap | netweaver_application_server_abap | 751 | |
| sap | netweaver_application_server_abap | 752 | |
| sap | netweaver_application_server_abap | 753 | |
| sap | netweaver_application_server_abap | 754 | |
| sap | netweaver_application_server_abap | 755 | |
| sap | netweaver_application_server_abap | 756 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "E0DA7CC6-A0F6-4839-965D-C60F691496AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "6497854E-9C7B-4DAF-ADC6-F26523BB7D47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC58754-3A9D-4320-AB4F-385FB72608E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46B6A9-C9F3-4270-AA6D-9988D6D4E608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8A73A5-4526-40E1-A540-0A6C3F93DA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "09A38B6E-03DC-4086-A307-542B35814E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "4651257F-7BFC-41AE-8E37-8C96F822CE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "EECB438D-D5CD-4483-934F-4C814A725A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "14A1CD95-14E1-438A-92FB-A0E47A88C59F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "4148303B-133A-4FD2-B546-DD86C5D0E7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "E51EF6BC-4C1C-4F1B-9873-D571BE3788F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "424A3D68-0825-4A2C-BEB1-DC9A212A5E42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4A410E-6276-4DD2-8C84-8B7DD06AD8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
},
{
"lang": "es",
"value": "SAP NetWeaver AS ABAP y ABAP Platform - versiones 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, permite a un atacante impedir que los usuarios leg\u00edtimos accedan a un servicio, ya sea al bloquear o inundar el servicio"
}
],
"id": "CVE-2021-38181",
"lastModified": "2024-11-21T06:16:35.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T15:15:08.860",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3080710"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3080710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}