All the vulnerabilities related to sap - netweaver_as_abap
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. Note that the impacted-products list for this entry also names kernel 7.77, 7.81, 7.82 and 7.83, which the version list above omits; check the installed kernel against SAP Note 3020104 rather than against this description alone.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_as_abap | kernel_7.22 | |
sap | netweaver_as_abap | kernel_7.49 | |
sap | netweaver_as_abap | kernel_7.53 | |
sap | netweaver_as_abap | kernel_7.73 | |
sap | netweaver_as_abap | kernel_7.77 | |
sap | netweaver_as_abap | kernel_7.81 | |
sap | netweaver_as_abap | kernel_7.82 | |
sap | netweaver_as_abap | kernel_7.83 | |
sap | netweaver_as_abap | kernel_8.04 | |
sap | netweaver_as_abap | krnl32nuc_7.22 | |
sap | netweaver_as_abap | krnl32nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.22 | |
sap | netweaver_as_abap | krnl64nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.22 | |
sap | netweaver_as_abap | krnl64uc_7.22ext | |
sap | netweaver_as_abap | krnl64uc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.53 | |
sap | netweaver_as_abap | krnl64uc_7.73 | |
sap | netweaver_as_abap | krnl64uc_8.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "01AE0652-85A5-45E3-ADEA-DF6C74ED6500", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "D25E4DE4-8031-4396-A0CD-30FE83B5260B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "E25851EF-669E-442B-81D0-168BF4D4034E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "2582745F-44A4-46C4-9CF7-D27E6489B937", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "48D2700C-45F0-4041-AE69-3D4E4FE8186F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:*", "matchCriteriaId": "C0F1DD71-9507-48BF-B58F-81EB7A233021", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.82:*:*:*:*:*:*:*", "matchCriteriaId": "53DD5976-80C8-4481-90CA-97F99463A90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.83:*:*:*:*:*:*:*", "matchCriteriaId": "847EE061-1E27-4A61-9F9C-468EF79E94D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7031FA59-8800-43D0-8C0B-489CEEB89275", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "23BA018D-C10B-4923-981D-5A1D51C53630", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "B574F796-4988-40C0-9CF4-F23E24CEAC89", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B6A8D9F8-B501-450D-9632-320FBA5DFBAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "7D5260D5-D2AC-4212-8C6E-92CF98908C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "2324085E-1EE1-4950-BFD8-032132AC0C91", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80DBF89E-EAE1-4D04-8A8F-8154922626A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "C101B6B9-460E-42B6-96E0-FB86BC10EEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "C443D69D-BE30-46C6-8940-42367DC263AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "757823F1-7BC4-4C8D-9CC9-D92D910C5CC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "DC803888-981A-4C84-89FA-62333581275E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "BA76D750-45CB-46CB-94F4-EB1B1FC9D0FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
}, { "lang": "es", "value": "SAP NetWeaver ABAP Server y ABAP Platform (Enqueue Server), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73, KERNEL - 7.22,8.04 , 7.49,7.53,7.73, permite a un atacante no autenticado sin conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de entrada en el m\u00e9todo EnqConvUniToSrvReq() causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado" } ], "id": "CVE-2021-27631", "lastModified": "2024-11-21T05:58:20.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-09T14:15:09.180", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "cna@sap.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "cna@sap.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. Note that the impacted-products list for this entry also names kernel 7.77, 7.81, 7.82 and 7.83, which the version list above omits; check the installed kernel against SAP Note 3020104 rather than against this description alone.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_as_abap | kernel_7.22 | |
sap | netweaver_as_abap | kernel_7.49 | |
sap | netweaver_as_abap | kernel_7.53 | |
sap | netweaver_as_abap | kernel_7.73 | |
sap | netweaver_as_abap | kernel_7.77 | |
sap | netweaver_as_abap | kernel_7.81 | |
sap | netweaver_as_abap | kernel_7.82 | |
sap | netweaver_as_abap | kernel_7.83 | |
sap | netweaver_as_abap | kernel_8.04 | |
sap | netweaver_as_abap | krnl32nuc_7.22 | |
sap | netweaver_as_abap | krnl32nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.22 | |
sap | netweaver_as_abap | krnl64nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.22 | |
sap | netweaver_as_abap | krnl64uc_7.22ext | |
sap | netweaver_as_abap | krnl64uc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.53 | |
sap | netweaver_as_abap | krnl64uc_7.73 | |
sap | netweaver_as_abap | krnl64uc_8.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "01AE0652-85A5-45E3-ADEA-DF6C74ED6500", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "D25E4DE4-8031-4396-A0CD-30FE83B5260B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "E25851EF-669E-442B-81D0-168BF4D4034E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "2582745F-44A4-46C4-9CF7-D27E6489B937", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "48D2700C-45F0-4041-AE69-3D4E4FE8186F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:*", "matchCriteriaId": "C0F1DD71-9507-48BF-B58F-81EB7A233021", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.82:*:*:*:*:*:*:*", "matchCriteriaId": "53DD5976-80C8-4481-90CA-97F99463A90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.83:*:*:*:*:*:*:*", "matchCriteriaId": "847EE061-1E27-4A61-9F9C-468EF79E94D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7031FA59-8800-43D0-8C0B-489CEEB89275", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "23BA018D-C10B-4923-981D-5A1D51C53630", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "B574F796-4988-40C0-9CF4-F23E24CEAC89", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B6A8D9F8-B501-450D-9632-320FBA5DFBAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "7D5260D5-D2AC-4212-8C6E-92CF98908C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "2324085E-1EE1-4950-BFD8-032132AC0C91", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80DBF89E-EAE1-4D04-8A8F-8154922626A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "C101B6B9-460E-42B6-96E0-FB86BC10EEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "C443D69D-BE30-46C6-8940-42367DC263AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "757823F1-7BC4-4C8D-9CC9-D92D910C5CC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "DC803888-981A-4C84-89FA-62333581275E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "BA76D750-45CB-46CB-94F4-EB1B1FC9D0FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
}, { "lang": "es", "value": "SAP NetWeaver ABAP Server y ABAP Platform (Enqueue Server), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73, KERNEL - 7.22,8.04 , 7.49,7.53,7.73, permite a un atacante no autenticado sin un conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de entrada en el m\u00e9todo EncPSetUnsupported() causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado" } ], "id": "CVE-2021-27629", "lastModified": "2024-11-21T05:58:20.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-09T14:15:09.007", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "cna@sap.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "cna@sap.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3021197 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3021197 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_as_abap | kernel_7.22 | |
sap | netweaver_as_abap | kernel_7.49 | |
sap | netweaver_as_abap | kernel_7.53 | |
sap | netweaver_as_abap | kernel_7.73 | |
sap | netweaver_as_abap | kernel_7.77 | |
sap | netweaver_as_abap | kernel_7.81 | |
sap | netweaver_as_abap | kernel_7.82 | |
sap | netweaver_as_abap | kernel_7.83 | |
sap | netweaver_as_abap | kernel_8.04 | |
sap | netweaver_as_abap | krnl32nuc_7.22 | |
sap | netweaver_as_abap | krnl32nuc_7.22ext | |
sap | netweaver_as_abap | krnl32uc_7.22 | |
sap | netweaver_as_abap | krnl32uc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.22 | |
sap | netweaver_as_abap | krnl64nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.22 | |
sap | netweaver_as_abap | krnl64uc_7.22ext | |
sap | netweaver_as_abap | krnl64uc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.53 | |
sap | netweaver_as_abap | krnl64uc_7.73 | |
sap | netweaver_as_abap | krnl64uc_8.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "01AE0652-85A5-45E3-ADEA-DF6C74ED6500", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "D25E4DE4-8031-4396-A0CD-30FE83B5260B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "E25851EF-669E-442B-81D0-168BF4D4034E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "2582745F-44A4-46C4-9CF7-D27E6489B937", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "48D2700C-45F0-4041-AE69-3D4E4FE8186F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:*", "matchCriteriaId": "C0F1DD71-9507-48BF-B58F-81EB7A233021", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.82:*:*:*:*:*:*:*", "matchCriteriaId": "53DD5976-80C8-4481-90CA-97F99463A90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.83:*:*:*:*:*:*:*", "matchCriteriaId": "847EE061-1E27-4A61-9F9C-468EF79E94D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7031FA59-8800-43D0-8C0B-489CEEB89275", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "23BA018D-C10B-4923-981D-5A1D51C53630", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "B574F796-4988-40C0-9CF4-F23E24CEAC89", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "AEC847E9-E5D4-4212-A854-696F22923CB8", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:netweaver_as_abap:krnl32uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "B35064C4-6F6B-4719-AFC1-2D45858BB6F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B6A8D9F8-B501-450D-9632-320FBA5DFBAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "7D5260D5-D2AC-4212-8C6E-92CF98908C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "2324085E-1EE1-4950-BFD8-032132AC0C91", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80DBF89E-EAE1-4D04-8A8F-8154922626A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "C101B6B9-460E-42B6-96E0-FB86BC10EEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "C443D69D-BE30-46C6-8940-42367DC263AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "757823F1-7BC4-4C8D-9CC9-D92D910C5CC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "DC803888-981A-4C84-89FA-62333581275E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "BA76D750-45CB-46CB-94F4-EB1B1FC9D0FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of 
the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." }, { "lang": "es", "value": "SAP NetWeaver ABAP Server y ABAP Platform (Dispatcher), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73 , KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, permite a un atacante no autenticado sin conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de la entrada en el m\u00e9todo DpRTmPrepareReq(), causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado" } ], "id": "CVE-2021-27628", "lastModified": "2024-11-21T05:58:19.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", 
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-09T14:15:08.937", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3021197" }, { "source": "cna@sap.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3021197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "cna@sap.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. Note that the impacted-products list for this entry also names kernel 7.77, 7.81, 7.82 and 7.83, which the version list above omits; check the installed kernel against SAP Note 3020104 rather than against this description alone.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_as_abap | kernel_7.22 | |
sap | netweaver_as_abap | kernel_7.49 | |
sap | netweaver_as_abap | kernel_7.53 | |
sap | netweaver_as_abap | kernel_7.73 | |
sap | netweaver_as_abap | kernel_7.77 | |
sap | netweaver_as_abap | kernel_7.81 | |
sap | netweaver_as_abap | kernel_7.82 | |
sap | netweaver_as_abap | kernel_7.83 | |
sap | netweaver_as_abap | kernel_8.04 | |
sap | netweaver_as_abap | krnl32nuc_7.22 | |
sap | netweaver_as_abap | krnl32nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.22 | |
sap | netweaver_as_abap | krnl64nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.22 | |
sap | netweaver_as_abap | krnl64uc_7.22ext | |
sap | netweaver_as_abap | krnl64uc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.53 | |
sap | netweaver_as_abap | krnl64uc_7.73 | |
sap | netweaver_as_abap | krnl64uc_8.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "01AE0652-85A5-45E3-ADEA-DF6C74ED6500", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "D25E4DE4-8031-4396-A0CD-30FE83B5260B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "E25851EF-669E-442B-81D0-168BF4D4034E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "2582745F-44A4-46C4-9CF7-D27E6489B937", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "48D2700C-45F0-4041-AE69-3D4E4FE8186F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:*", "matchCriteriaId": "C0F1DD71-9507-48BF-B58F-81EB7A233021", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.82:*:*:*:*:*:*:*", "matchCriteriaId": "53DD5976-80C8-4481-90CA-97F99463A90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.83:*:*:*:*:*:*:*", "matchCriteriaId": "847EE061-1E27-4A61-9F9C-468EF79E94D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7031FA59-8800-43D0-8C0B-489CEEB89275", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "23BA018D-C10B-4923-981D-5A1D51C53630", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "B574F796-4988-40C0-9CF4-F23E24CEAC89", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B6A8D9F8-B501-450D-9632-320FBA5DFBAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "7D5260D5-D2AC-4212-8C6E-92CF98908C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "2324085E-1EE1-4950-BFD8-032132AC0C91", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80DBF89E-EAE1-4D04-8A8F-8154922626A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "C101B6B9-460E-42B6-96E0-FB86BC10EEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "C443D69D-BE30-46C6-8940-42367DC263AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "757823F1-7BC4-4C8D-9CC9-D92D910C5CC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "DC803888-981A-4C84-89FA-62333581275E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "BA76D750-45CB-46CB-94F4-EB1B1FC9D0FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
}, { "lang": "es", "value": "SAP NetWeaver ABAP Server y ABAP Platform (Enqueue Server), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73, KERNEL - 7.22,8.04 , 7.49,7.53,7.73, permite a un atacante no autenticado sin un conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de entrada en el m\u00e9todo EncOAMParamStore() causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado" } ], "id": "CVE-2021-27606", "lastModified": "2024-11-21T05:58:17.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-09T14:15:08.107", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "cna@sap.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "cna@sap.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-10 19:15
Modified
2024-11-21 04:16
Severity ?
Summary
ABAP Server and ABAP Platform (SAP Basis), versions 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | http://www.securityfocus.com/bid/109078 | Third Party Advisory, VDB Entry | |
cna@sap.com | https://launchpad.support.sap.com/#/notes/2773888 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109078 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2773888 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_application_server_abap | 7.31 | |
sap | netweaver_as_abap | 7.4 | |
sap | netweaver_as_abap | 7.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "6F65C175-29C0-4AC0-887F-46A222FAAF10", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "29E542B2-7A01-48CE-953C-35796FEB77FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "310F88C0-37C1-4E8B-BC8A-948964E6B674", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability." }, { "lang": "es", "value": "ABAP Server y ABAP Platform (SAP Basis), versiones 7.31, 7.4, 7.5, no codifican de manera suficiente las entradas controladas por el usuario, resultando en una vulnerabilidad de tipo cross-site scripting (XSS)." 
} ], "id": "CVE-2019-0321", "lastModified": "2024-11-21T04:16:40.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-10T19:15:10.297", "references": [ { "source": "cna@sap.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109078" }, { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2773888" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/109078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2773888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" 
], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-14 17:15
Modified
2024-11-21 06:56
Severity ?
Summary
Depending on the configuration of the route permission table in the file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands from a remote client in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22. For example, the attacker could stop the SAProuter, which could severely impact the availability of systems.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html | Exploit, Third Party Advisory | |
cna@sap.com | http://seclists.org/fulldisclosure/2022/Sep/17 | Exploit, Mailing List, Third Party Advisory | |
cna@sap.com | https://launchpad.support.sap.com/#/notes/3158375 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Sep/17 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3158375 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_as_abap | kernel_7.49 | |
sap | netweaver_as_abap | kernel_7.77 | |
sap | netweaver_as_abap | kernel_7.81 | |
sap | netweaver_as_abap | kernel_7.85 | |
sap | netweaver_as_abap | kernel_7.86 | |
sap | netweaver_as_abap | kernel_7.87 | |
sap | netweaver_as_abap | kernel_7.88 | |
sap | netweaver_as_abap_krnl64nuc | 7.49 | |
sap | netweaver_as_abap_krnl64uc | 7.49 | |
sap | router | 7.22 | |
sap | router | 7.53 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "D25E4DE4-8031-4396-A0CD-30FE83B5260B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "48D2700C-45F0-4041-AE69-3D4E4FE8186F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:*", "matchCriteriaId": "C0F1DD71-9507-48BF-B58F-81EB7A233021", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.85:*:*:*:*:*:*:*", "matchCriteriaId": "BFE477E5-217A-4B4A-98AF-03444E7DCC92", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.86:*:*:*:*:*:*:*", "matchCriteriaId": "A43BB781-7C60-43B8-A59C-3854514DB445", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.87:*:*:*:*:*:*:*", "matchCriteriaId": "8042BA64-A5C6-4E86-8705-3705B9D1F6BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.88:*:*:*:*:*:*:*", "matchCriteriaId": "D304B534-EACC-40E8-8AA5-683E8E63A321", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "1FEEB006-D93C-4E37-82B3-4B97373FC154", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "5F1FEA71-D53B-4520-AE06-60D337ACA177", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:router:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "0614F3CF-CCF2-42E5-89A8-779E8B0D11F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:router:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "86186BB9-EC4E-4ABA-9858-37560D85C612", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute 
SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability." }, { "lang": "es", "value": "Dependiendo de la configuraci\u00f3n de la tabla de permisos de ruta en el archivo \"saprouttab\", es posible que un atacante no autenticado ejecute comandos de administraci\u00f3n de SAProuter en SAP NetWeaver y ABAP Platform - versiones KERNEL 7. 49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, desde un cliente remoto, por ejemplo deteniendo el SAProuter, lo que podr\u00eda tener un gran impacto en la disponibilidad de los sistemas" } ], "id": "CVE-2022-27668", "lastModified": "2024-11-21T06:56:08.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-14T17:15:08.177", "references": [ { 
"source": "cna@sap.com", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html" }, { "source": "cna@sap.com", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Sep/17" }, { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3158375" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2022/Sep/17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3158375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "cna@sap.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-15 18:29
Modified
2024-11-21 04:16
Severity ?
Summary
The Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | http://www.securityfocus.com/bid/106999 | Third Party Advisory, VDB Entry | |
cna@sap.com | https://launchpad.support.sap.com/#/notes/2728839 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106999 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2728839 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_application_server_abap | * | |
sap | netweaver_application_server_abap | * | |
sap | netweaver_application_server_abap | 7.30 | |
sap | netweaver_application_server_abap | 7.31 | |
sap | netweaver_application_server_abap | 7.40 | |
sap | netweaver_as_abap | * | |
sap | netweaver_as_abap | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*", "matchCriteriaId": "4998F531-ED39-46D4-BA62-466BD37C8873", "versionEndIncluding": "7.02", "versionStartIncluding": "7.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:*:*:*:*:*:*:*:*", "matchCriteriaId": "C31EF66D-DB32-4352-8824-6630B8C61D47", "versionEndIncluding": "7.53", "versionStartIncluding": "7.50", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.30:*:*:*:*:*:*:*", "matchCriteriaId": "FB5E17A3-C1F1-4FB9-8AB2-347C0429E29A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "6F65C175-29C0-4AC0-887F-46A222FAAF10", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.40:*:*:*:*:*:*:*", "matchCriteriaId": "C0C8BB3C-64ED-456B-93A8-B18F30338BD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*", "matchCriteriaId": "01C3F7F6-3B1D-40C8-B305-8CEC6DEFA851", "versionEndIncluding": "7.11", "versionStartIncluding": "7.10", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:*:*:*:*:*:*:*:*", "matchCriteriaId": "341EDF6B-976B-46C4-BF35-CFB341C844F0", "versionEndIncluding": "7.75", "versionStartIncluding": "7.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges." 
}, { "lang": "es", "value": "La funcionalidad de personalizaci\u00f3n de SAP NetWeaver AS ABAP Platform (solucionado en versiones desde la 7.0 hasta la 7.02, desde la 7.10 hasta la 7.11, la 7.30, 7.31, 7.40, desde la 7.50 hasta la 7.53 y desde la 7.74 hasta la 7.75) no realiza las comprobaciones necesarias de autorizaci\u00f3n para un usuario autenticado, lo que resulta en un escalado de privilegios." } ], "id": "CVE-2019-0257", "lastModified": "2024-11-21T04:16:35.483", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-15T18:29:01.037", "references": [ { "source": "cna@sap.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106999" }, { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2728839" }, { "source": "cna@sap.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": 
"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2728839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
Severity ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3021197 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3021197 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_as_abap | kernel_7.22 | |
sap | netweaver_as_abap | kernel_7.49 | |
sap | netweaver_as_abap | kernel_7.53 | |
sap | netweaver_as_abap | kernel_7.73 | |
sap | netweaver_as_abap | kernel_7.77 | |
sap | netweaver_as_abap | kernel_7.81 | |
sap | netweaver_as_abap | kernel_7.82 | |
sap | netweaver_as_abap | kernel_7.83 | |
sap | netweaver_as_abap | kernel_8.04 | |
sap | netweaver_as_abap | krnl32nuc_7.22 | |
sap | netweaver_as_abap | krnl32nuc_7.22ext | |
sap | netweaver_as_abap | krnl32uc_7.22 | |
sap | netweaver_as_abap | krnl32uc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.22 | |
sap | netweaver_as_abap | krnl64nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.22 | |
sap | netweaver_as_abap | krnl64uc_7.22ext | |
sap | netweaver_as_abap | krnl64uc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.53 | |
sap | netweaver_as_abap | krnl64uc_7.73 | |
sap | netweaver_as_abap | krnl64uc_8.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "01AE0652-85A5-45E3-ADEA-DF6C74ED6500", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "D25E4DE4-8031-4396-A0CD-30FE83B5260B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "E25851EF-669E-442B-81D0-168BF4D4034E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "2582745F-44A4-46C4-9CF7-D27E6489B937", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "48D2700C-45F0-4041-AE69-3D4E4FE8186F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:*", "matchCriteriaId": "C0F1DD71-9507-48BF-B58F-81EB7A233021", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.82:*:*:*:*:*:*:*", "matchCriteriaId": "53DD5976-80C8-4481-90CA-97F99463A90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.83:*:*:*:*:*:*:*", "matchCriteriaId": "847EE061-1E27-4A61-9F9C-468EF79E94D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7031FA59-8800-43D0-8C0B-489CEEB89275", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "23BA018D-C10B-4923-981D-5A1D51C53630", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "B574F796-4988-40C0-9CF4-F23E24CEAC89", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "AEC847E9-E5D4-4212-A854-696F22923CB8", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:netweaver_as_abap:krnl32uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "B35064C4-6F6B-4719-AFC1-2D45858BB6F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B6A8D9F8-B501-450D-9632-320FBA5DFBAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "7D5260D5-D2AC-4212-8C6E-92CF98908C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "2324085E-1EE1-4950-BFD8-032132AC0C91", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80DBF89E-EAE1-4D04-8A8F-8154922626A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "C101B6B9-460E-42B6-96E0-FB86BC10EEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "C443D69D-BE30-46C6-8940-42367DC263AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "757823F1-7BC4-4C8D-9CC9-D92D910C5CC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "DC803888-981A-4C84-89FA-62333581275E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "BA76D750-45CB-46CB-94F4-EB1B1FC9D0FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of 
the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." }, { "lang": "es", "value": "SAP NetWeaver ABAP Server y ABAP Platform (Dispatcher), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73 , KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, permite a un atacante no autenticado sin conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de entrada en el m\u00e9todo ThSncIn(), causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado" } ], "id": "CVE-2021-27607", "lastModified": "2024-11-21T05:58:17.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-09T14:15:08.170", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3021197" }, { "source": "cna@sap.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3021197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "cna@sap.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
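Severity: 7.5 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); 5.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)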
Summary
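SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
Note: the record for this entry (CVE-2021-27630) classifies the weakness as CWE-476 (NULL pointer dereference), and the impacted-products list below also marks kernel 7.77, 7.81, 7.82 and 7.83 as affected, which this description does not name. Confirm the fixed patch level against SAP Note 3020104 rather than relying on the version list in the description alone.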
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_as_abap | kernel_7.22 | |
sap | netweaver_as_abap | kernel_7.49 | |
sap | netweaver_as_abap | kernel_7.53 | |
sap | netweaver_as_abap | kernel_7.73 | |
sap | netweaver_as_abap | kernel_7.77 | |
sap | netweaver_as_abap | kernel_7.81 | |
sap | netweaver_as_abap | kernel_7.82 | |
sap | netweaver_as_abap | kernel_7.83 | |
sap | netweaver_as_abap | kernel_8.04 | |
sap | netweaver_as_abap | krnl32nuc_7.22 | |
sap | netweaver_as_abap | krnl32nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.22 | |
sap | netweaver_as_abap | krnl64nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.22 | |
sap | netweaver_as_abap | krnl64uc_7.22ext | |
sap | netweaver_as_abap | krnl64uc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.53 | |
sap | netweaver_as_abap | krnl64uc_7.73 | |
sap | netweaver_as_abap | krnl64uc_8.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "01AE0652-85A5-45E3-ADEA-DF6C74ED6500", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "D25E4DE4-8031-4396-A0CD-30FE83B5260B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "E25851EF-669E-442B-81D0-168BF4D4034E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "2582745F-44A4-46C4-9CF7-D27E6489B937", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "48D2700C-45F0-4041-AE69-3D4E4FE8186F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:*", "matchCriteriaId": "C0F1DD71-9507-48BF-B58F-81EB7A233021", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.82:*:*:*:*:*:*:*", "matchCriteriaId": "53DD5976-80C8-4481-90CA-97F99463A90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.83:*:*:*:*:*:*:*", "matchCriteriaId": "847EE061-1E27-4A61-9F9C-468EF79E94D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7031FA59-8800-43D0-8C0B-489CEEB89275", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "23BA018D-C10B-4923-981D-5A1D51C53630", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "B574F796-4988-40C0-9CF4-F23E24CEAC89", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B6A8D9F8-B501-450D-9632-320FBA5DFBAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "7D5260D5-D2AC-4212-8C6E-92CF98908C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "2324085E-1EE1-4950-BFD8-032132AC0C91", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80DBF89E-EAE1-4D04-8A8F-8154922626A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "C101B6B9-460E-42B6-96E0-FB86BC10EEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "C443D69D-BE30-46C6-8940-42367DC263AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "757823F1-7BC4-4C8D-9CC9-D92D910C5CC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "DC803888-981A-4C84-89FA-62333581275E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "BA76D750-45CB-46CB-94F4-EB1B1FC9D0FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
}, { "lang": "es", "value": "SAP NetWeaver ABAP Server y ABAP Platform (Enqueue Server), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73, KERNEL - 7.22,8.04 , 7.49,7.53,7.73, permite a un atacante no autenticado sin conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de entrada en el m\u00e9todo EnqConvUniToSrvReq() causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado" } ], "id": "CVE-2021-27630", "lastModified": "2024-11-21T05:58:20.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-09T14:15:09.107", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "cna@sap.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "cna@sap.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2021-06-09 14:15
Modified
2024-11-21 05:58
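Severity: 7.5 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); 5.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)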
Summary
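SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
Note: the record for this entry (CVE-2021-27632) classifies the weakness as CWE-476 (NULL pointer dereference), and the impacted-products list below also marks kernel 7.77, 7.81, 7.82 and 7.83 as affected, which this description does not name. Confirm the fixed patch level against SAP Note 3020104 rather than relying on the version list in the description alone.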
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3020104 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999 | Broken Link, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_as_abap | kernel_7.22 | |
sap | netweaver_as_abap | kernel_7.49 | |
sap | netweaver_as_abap | kernel_7.53 | |
sap | netweaver_as_abap | kernel_7.73 | |
sap | netweaver_as_abap | kernel_7.77 | |
sap | netweaver_as_abap | kernel_7.81 | |
sap | netweaver_as_abap | kernel_7.82 | |
sap | netweaver_as_abap | kernel_7.83 | |
sap | netweaver_as_abap | kernel_8.04 | |
sap | netweaver_as_abap | krnl32nuc_7.22 | |
sap | netweaver_as_abap | krnl32nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.22 | |
sap | netweaver_as_abap | krnl64nuc_7.22ext | |
sap | netweaver_as_abap | krnl64nuc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.22 | |
sap | netweaver_as_abap | krnl64uc_7.22ext | |
sap | netweaver_as_abap | krnl64uc_7.49 | |
sap | netweaver_as_abap | krnl64uc_7.53 | |
sap | netweaver_as_abap | krnl64uc_7.73 | |
sap | netweaver_as_abap | krnl64uc_8.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "01AE0652-85A5-45E3-ADEA-DF6C74ED6500", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "D25E4DE4-8031-4396-A0CD-30FE83B5260B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "E25851EF-669E-442B-81D0-168BF4D4034E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "2582745F-44A4-46C4-9CF7-D27E6489B937", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "48D2700C-45F0-4041-AE69-3D4E4FE8186F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:*", "matchCriteriaId": "C0F1DD71-9507-48BF-B58F-81EB7A233021", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.82:*:*:*:*:*:*:*", "matchCriteriaId": "53DD5976-80C8-4481-90CA-97F99463A90F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_7.83:*:*:*:*:*:*:*", "matchCriteriaId": "847EE061-1E27-4A61-9F9C-468EF79E94D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "7031FA59-8800-43D0-8C0B-489CEEB89275", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "23BA018D-C10B-4923-981D-5A1D51C53630", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl32nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "B574F796-4988-40C0-9CF4-F23E24CEAC89", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B6A8D9F8-B501-450D-9632-320FBA5DFBAB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "7D5260D5-D2AC-4212-8C6E-92CF98908C4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "2324085E-1EE1-4950-BFD8-032132AC0C91", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80DBF89E-EAE1-4D04-8A8F-8154922626A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "C101B6B9-460E-42B6-96E0-FB86BC10EEC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.49:*:*:*:*:*:*:*", "matchCriteriaId": "C443D69D-BE30-46C6-8940-42367DC263AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "757823F1-7BC4-4C8D-9CC9-D92D910C5CC7", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_7.73:*:*:*:*:*:*:*", "matchCriteriaId": "DC803888-981A-4C84-89FA-62333581275E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "BA76D750-45CB-46CB-94F4-EB1B1FC9D0FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
}, { "lang": "es", "value": "SAP NetWeaver ABAP Server y ABAP Platform (Enqueue Server), versiones - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT, 7.49, KRNL64UC - 8.04,7.22,7.22EXT, 7.49,7.53,7.73, KERNEL - 7.22,8.04 , 7.49,7.53,7.73, permite a un atacante no autenticado sin conocimiento espec\u00edfico del sistema enviar un paquete especialmente dise\u00f1ado a trav\u00e9s de una red que desencadenar\u00e1 un error interno en el sistema debido a una comprobaci\u00f3n inapropiada de entrada en el m\u00e9todo EnqConvUniToSrvReq() causando el bloqueo del sistema y hacer que no est\u00e9 disponible.\u0026#xa0;En este ataque, ning\u00fan dato del sistema puede ser visualizado o modificado" } ], "id": "CVE-2021-27632", "lastModified": "2024-11-21T05:58:20.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-09T14:15:09.250", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "cna@sap.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "cna@sap.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2022-02-09 23:15
Modified
2024-11-21 06:46
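Severity: 7.5 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); 5.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)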
Summary
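SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
Note: the impacted-products list below is keyed mostly by plain kernel version under two product names (netweaver_abap and netweaver_as_abap) and does not enumerate every KRNL64UC and KRNL64NUC variant named in this description. Match on the installed kernel release and the patch level given in SAP Note 3116223 rather than on the CPE strings alone.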
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/3116223 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3116223 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | netweaver_abap | 7.22 | |
sap | netweaver_abap | 7.22ext | |
sap | netweaver_abap | 7.49 | |
sap | netweaver_abap | 7.53 | |
sap | netweaver_abap | 7.77 | |
sap | netweaver_abap | 7.81 | |
sap | netweaver_abap | 7.85 | |
sap | netweaver_abap | 7.86 | |
sap | netweaver_abap | 7.87 | |
sap | netweaver_abap | 8.04 | |
sap | netweaver_abap | krnl64nuc_7.22 | |
sap | netweaver_abap | krnl64nuc_8.04 | |
sap | netweaver_as_abap | 7.22 | |
sap | netweaver_as_abap | 7.22ext | |
sap | netweaver_as_abap | 7.49 | |
sap | netweaver_as_abap | 7.53 | |
sap | netweaver_as_abap | 7.77 | |
sap | netweaver_as_abap | 7.81 | |
sap | netweaver_as_abap | 7.85 | |
sap | netweaver_as_abap | 7.86 | |
sap | netweaver_as_abap | 7.87 | |
sap | netweaver_as_abap | 8.04 | |
sap | netweaver_as_abap | krnl64nuc_7.22 | |
sap | netweaver_as_abap | krnl64nuc_8.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:netweaver_abap:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "FFBA8C16-AD2E-4046-A22D-B8AB2A38DAD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "A701B328-CC8D-4F10-8CDB-47883CAAC116", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "699E6EA8-1AA9-4C0E-A373-7E2F93E2F861", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "8A748DC7-E701-4E5B-9918-5CA6D7F52899", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "9E438D5E-F211-4361-AC2D-E86A7CE88026", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "87B7FA96-2BA0-4328-8C97-31129E72D779", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:7.85:*:*:*:*:*:*:*", "matchCriteriaId": "2BD5DBA8-4181-41C4-86B2-02615CACA6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:7.86:*:*:*:*:*:*:*", "matchCriteriaId": "CA794E5E-8C20-4B3A-BF1C-6F9A127F19D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:7.87:*:*:*:*:*:*:*", "matchCriteriaId": "1812ED28-5F27-4E43-88B5-55D0E37B4426", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "5D271FC7-E8B0-4323-9254-9AB9FCE08544", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "BE1BE43A-6659-4C08-8194-F85FA47D7D81", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_abap:krnl64nuc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "2B72A96D-9567-4A63-B336-A4FF44E55809", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B5F6938B-667A-43C2-AF0E-42CD67B378B5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:netweaver_as_abap:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "46CD1D25-308E-474A-8837-55A363FD2159", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "C0C4499C-FADC-4B8F-8FD6-489D040FC566", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "6CCEC8BE-F106-475F-BFCF-1D2EFB05DECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "B9756558-70CB-44A8-B1D4-496426B9A820", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.81:*:*:*:*:*:*:*", "matchCriteriaId": "370C6CD1-94C0-4639-8B63-01755B702F4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.85:*:*:*:*:*:*:*", "matchCriteriaId": "23AE7B69-8A79-4C2E-9C0A-52594F324E57", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.86:*:*:*:*:*:*:*", "matchCriteriaId": "312D8ECD-195D-44C2-B040-C4D8BD088CC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:7.87:*:*:*:*:*:*:*", "matchCriteriaId": "A5719E2B-20F7-4FD7-B51E-87CC76FD94FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "6F14E0EB-94CD-445C-BE80-97A27B11C3FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "B6A8D9F8-B501-450D-9632-320FBA5DFBAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:netweaver_as_abap:krnl64nuc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "2253203D-1B9E-4AFA-957E-EFF819502B35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently 
validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected." }, { "lang": "es", "value": "SAP NetWeaver Application Server for ABAP (Kernel) y ABAP Platform (Kernel) - versiones KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, no comprueba suficientemente la informaci\u00f3n de sap-passport, lo que podr\u00eda conllevar un ataque de Denegaci\u00f3n de Servicio. Esto permite a un usuario remoto no autorizado provocar un bloqueo del proceso de trabajo del SAP Web Dispatcher o del Kernel. El proceso colapsado puede reiniciarse inmediatamente, los dem\u00e1s procesos no est\u00e1n afectados" } ], "id": "CVE-2022-22543", "lastModified": "2024-11-21T06:46:59.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-02-09T23:15:18.913", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3116223" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/3116223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "cna@sap.com", "type": "Primary" } ] }
cve-2022-27668
Vulnerability from cvelistv5
Published
2022-06-14 16:57
Modified
2024-08-03 05:33
Severity: not scored in this record (the legacy CNA data carries a CVSS baseScore of "null")
Summary
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
References
▼ | URL | Tags |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | x_refsource_MISC | |
https://launchpad.support.sap.com/#/notes/3158375 | x_refsource_MISC | |
http://seclists.org/fulldisclosure/2022/Sep/17 | mailing-list, x_refsource_FULLDISC | |
http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | SAP SE | SAP NetWeaver and ABAP Platform |
Version: KERNEL 7.49 Version: 7.77 Version: 7.81 Version: 7.85 Version: 7.86 Version: 7.87 Version: 7.88 Version: KRNL64NUC 7.49 Version: KRNL64UC 7.49 Version: SAP_ROUTER 7.53 Version: 7.22 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:33:00.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3158375" }, { "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Sep/17" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver and ABAP Platform", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "KERNEL 7.49" }, { "status": "affected", "version": "7.77" }, { "status": "affected", "version": "7.81" }, { "status": "affected", "version": "7.85" }, { "status": "affected", "version": "7.86" }, { "status": "affected", "version": "7.87" }, { "status": "affected", "version": "7.88" }, { "status": "affected", "version": "KRNL64NUC 7.49" }, { "status": "affected", "version": "KRNL64UC 7.49" }, { "status": "affected", "version": "SAP_ROUTER 7.53" }, { "status": "affected", "version": "7.22" } ] } ], "descriptions": [ { "lang": "en", "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-16T15:06:17", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3158375" }, { "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2022/Sep/17" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-27668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP NetWeaver and ABAP Platform", "version": { "version_data": [ { "version_affected": "=", "version_value": "KERNEL 7.49" }, { "version_affected": "=", "version_value": "7.77" }, { "version_affected": "=", "version_value": "7.81" }, { "version_affected": "=", "version_value": "7.85" }, { "version_affected": "=", "version_value": "7.86" }, { "version_affected": "=", "version_value": "7.87" }, { "version_affected": "=", "version_value": "7.88" }, { "version_affected": "=", "version_value": "KRNL64NUC 7.49" }, { "version_affected": "=", "version_value": "KRNL64UC 7.49" }, { "version_affected": "=", "version_value": "SAP_ROUTER 7.53" }, { "version_affected": "=", "version_value": "7.22" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Depending on the configuration of the route permission table in file 
\u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-863" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" }, { "name": "https://launchpad.support.sap.com/#/notes/3158375", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3158375" }, { "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2022/Sep/17" }, { "name": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-27668", "datePublished": "2022-06-14T16:57:29", "dateReserved": "2022-03-23T00:00:00", "dateUpdated": "2024-08-03T05:33:00.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27629
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
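Severity
7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below): availability impact only. The record tags the weakness as CWE-125 (Out-of-bounds Read) while labelling it "Improper Input Validation".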
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
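Vendor | Product | Version
---|---|---
SAP SE | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) | < KRNL32NUC - 7.22; < 7.22EXT; < KRNL64NUC - 7.22; < 7.49; < KRNL64UC - 8.04; < 7.22; < 7.53; < 7.73; < KERNEL - 7.22; < 8.04

Note: the version strings are copied from the CNA record, which lists each release number once, so a bare entry such as "< 7.49" is no longer tied to one kernel line. The Summary names these releases themselves as affected; use its per-kernel list when checking a system.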
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "tags": [ "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c KRNL32NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c KRNL64NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": "affected", "version": "\u003c KRNL64UC - 8.04" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.73" }, { "status": "affected", "version": "\u003c KERNEL - 7.22" }, { "status": "affected", "version": "\u003c 8.04" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Improper Input Validation (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "url": "https://launchpad.support.sap.com/#/notes/3020104" } ] } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-27629", "datePublished": "2021-06-09T00:00:00", "dateReserved": "2021-02-23T00:00:00", "dateUpdated": "2024-08-03T21:26:10.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27606
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
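Severity
7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below): availability impact only. The record tags the weakness as CWE-125 (Out-of-bounds Read) while labelling it "Improper Input Validation".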
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
Vendor | Product | Version
---|---|---
SAP SE | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) | < KRNL32NUC - 7.22; < 7.22EXT; < KRNL64NUC - 7.22; < 7.49; < KRNL64UC - 8.04; < 7.22; < 7.53; < 7.73; < KERNEL - 7.22; < 8.04
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.112Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "tags": [ "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c KRNL32NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c KRNL64NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": "affected", "version": "\u003c KRNL64UC - 8.04" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.73" }, { "status": "affected", "version": "\u003c KERNEL - 7.22" }, { "status": "affected", "version": "\u003c 8.04" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Improper Input Validation (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "url": "https://launchpad.support.sap.com/#/notes/3020104" } ] } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-27606", "datePublished": "2021-06-09T00:00:00", "dateReserved": "2021-02-23T00:00:00", "dateUpdated": "2024-08-03T21:26:10.112Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27631
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
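Severity
7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below): availability impact only. The record tags the weakness as CWE-476 (NULL Pointer Dereference) while labelling it "Improper Input Validation".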
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
Vendor | Product | Version
---|---|---
SAP SE | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) | < KRNL32NUC - 7.22; < 7.22EXT; < KRNL64NUC - 7.22; < 7.49; < KRNL64UC - 8.04; < 7.22; < 7.53; < 7.73; < KERNEL - 7.22; < 8.04
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "tags": [ "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c KRNL32NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c KRNL64NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": "affected", "version": "\u003c KRNL64UC - 8.04" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.73" }, { "status": "affected", "version": "\u003c KERNEL - 7.22" }, { "status": "affected", "version": "\u003c 8.04" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Improper Input Validation (CWE-476)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "url": "https://launchpad.support.sap.com/#/notes/3020104" } ] } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-27631", "datePublished": "2021-06-09T00:00:00", "dateReserved": "2021-02-23T00:00:00", "dateUpdated": "2024-08-03T21:26:10.401Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-0321
Vulnerability from cvelistv5
Published
2019-07-10 18:54
Modified
2024-08-04 17:44
Severity
Not scored: the CVE record below contains no CVSS metrics.
Summary
ABAP Server and ABAP Platform (SAP Basis), versions 7.31, 7.4 and 7.5, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/109078 | vdb-entry, x_refsource_BID
https://launchpad.support.sap.com/#/notes/2773888 | x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
SAP SE | ABAP Server and ABAP Platform (SAP Basis) | < 7.31; < 7.4; < 7.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:44:16.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "109078", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/109078" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2773888" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ABAP Server and ABAP Platform (SAP Basis)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.31" }, { "status": "affected", "version": "\u003c 7.4" }, { "status": "affected", "version": "\u003c 7.5" } ] } ], "descriptions": [ { "lang": "en", "value": "ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-10T18:55:33", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "name": "109078", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/109078" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/2773888" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0321", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ABAP Server and ABAP Platform (SAP Basis)", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "7.31" }, { "version_name": "\u003c", "version_value": "7.4" }, { "version_name": "\u003c", "version_value": "7.5" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "109078", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109078" }, { "name": "https://launchpad.support.sap.com/#/notes/2773888", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2773888" }, { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0321", "datePublished": "2019-07-10T18:54:44", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:44:16.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27628
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
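Severity
7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below): availability impact only. The record tags the weakness as CWE-787 (Out-of-bounds Write) while labelling it "Improper Input Validation".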
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
Vendor | Product | Version
---|---|---
SAP SE | SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher) | < KRNL32NUC - 7.22; < 7.22EXT; < KRNL32UC - 7.22; < KRNL64NUC - 7.22; < 7.49; < KRNL64UC - 8.04; < 7.22; < 7.53; < 7.73; < KERNEL - 7.22; < 8.04; < 7.77; < 7.81; < 7.82; < 7.83
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "tags": [ "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3021197" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c KRNL32NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c KRNL32UC - 7.22" }, { "status": "affected", "version": "\u003c KRNL64NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": "affected", "version": "\u003c KRNL64UC - 8.04" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.73" }, { "status": "affected", "version": "\u003c KERNEL - 7.22" }, { "status": "affected", "version": "\u003c 8.04" }, { "status": "affected", "version": "\u003c 7.77" }, { "status": "affected", "version": "\u003c 7.81" }, { "status": "affected", "version": "\u003c 7.82" }, { "status": "affected", "version": "\u003c 7.83" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. 
In this attack, no data in the system can be viewed or modified." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Improper Input Validation (CWE-787)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "url": "https://launchpad.support.sap.com/#/notes/3021197" } ] } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-27628", "datePublished": "2021-06-09T00:00:00", "dateReserved": "2021-02-23T00:00:00", "dateUpdated": "2024-08-03T21:26:10.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-22543
Vulnerability from cvelistv5
Published
2022-02-09 22:05
Modified
2024-08-03 03:14
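Severity
Not scored: the CVE record below has no CVSS metrics (its legacy block holds the string "null" for base score and vector).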
Summary
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49 - do not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to crash the SAP Web Dispatcher or a Kernel work process. The crashed process can be restarted immediately; other processes are not affected.
References
URL | Tags
---|---
https://launchpad.support.sap.com/#/notes/3116223 | x_refsource_MISC
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
SAP SE | SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) | KERNEL 7.22; 8.04; 7.49; 7.53; 7.77; 7.81; 7.85; 7.86; 7.87; KRNL64UC 8.04; 7.22; 7.22EXT; KRNL64NUC 7.22
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:14:55.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3116223" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "KERNEL 7.22" }, { "status": "affected", "version": "8.04" }, { "status": "affected", "version": "7.49" }, { "status": "affected", "version": "7.53" }, { "status": "affected", "version": "7.77" }, { "status": "affected", "version": "7.81" }, { "status": "affected", "version": "7.85" }, { "status": "affected", "version": "7.86" }, { "status": "affected", "version": "7.87" }, { "status": "affected", "version": "KRNL64UC 8.04" }, { "status": "affected", "version": "7.22" }, { "status": "affected", "version": "7.22EXT" }, { "status": "affected", "version": "KRNL64NUC 7.22" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-24T15:19:34", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/3116223" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)", "version": { "version_data": [ { "version_affected": "=", "version_value": "KERNEL 7.22" }, { "version_affected": "=", "version_value": "8.04" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "7.77" }, { "version_affected": "=", "version_value": "7.81" }, { "version_affected": "=", "version_value": "7.85" }, { "version_affected": "=", "version_value": "7.86" }, { "version_affected": "=", "version_value": "7.87" }, { "version_affected": "=", "version_value": "KRNL64UC 8.04" }, { "version_affected": "=", "version_value": "7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.53" }, { "version_affected": "=", "version_value": "KRNL64NUC 7.22" }, { "version_affected": "=", "version_value": "7.22EXT" }, { "version_affected": "=", "version_value": "7.49" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP NetWeaver Application Server for ABAP (Kernel) and 
ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected." } ] }, "impact": { "cvss": { "baseScore": "null", "vectorString": "null", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/3116223", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3116223" }, { "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "refsource": "MISC", "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22543", "datePublished": "2022-02-09T22:05:27", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27630
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
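Severity
7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, from the CNA metrics in the record below): availability impact only. The record tags the weakness as CWE-476 (NULL Pointer Dereference) while labelling it "Improper Input Validation".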
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
Vendor | Product | Version
---|---|---
SAP SE | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) | < KRNL32NUC - 7.22; < 7.22EXT; < KRNL64NUC - 7.22; < 7.49; < KRNL64UC - 8.04; < 7.22; < 7.53; < 7.73; < KERNEL - 7.22; < 8.04
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "tags": [ "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c KRNL32NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c KRNL64NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": "affected", "version": "\u003c KRNL64UC - 8.04" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.73" }, { "status": "affected", "version": "\u003c KERNEL - 7.22" }, { "status": "affected", "version": "\u003c 8.04" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Improper Input Validation (CWE-476)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "url": "https://launchpad.support.sap.com/#/notes/3020104" } ] } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-27630", "datePublished": "2021-06-09T00:00:00", "dateReserved": "2021-02-23T00:00:00", "dateUpdated": "2024-08-03T21:26:10.220Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27632
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
Vendor | Product | Version |
---|---|---|
SAP SE | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) | < KRNL32NUC - 7.22; < 7.22EXT; < KRNL64NUC - 7.22; < 7.49; < KRNL64UC - 8.04; < 7.22; < 7.53; < 7.73; < KERNEL - 7.22; < 8.04 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "tags": [ "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3020104" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c KRNL32NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c KRNL64NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": "affected", "version": "\u003c KRNL64UC - 8.04" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.73" }, { "status": "affected", "version": "\u003c KERNEL - 7.22" }, { "status": "affected", "version": "\u003c 8.04" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Improper Input Validation (CWE-476)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "url": "https://launchpad.support.sap.com/#/notes/3020104" } ] } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-27632", "datePublished": "2021-06-09T00:00:00", "dateReserved": "2021-02-23T00:00:00", "dateUpdated": "2024-08-03T21:26:10.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-0257
Vulnerability from cvelistv5
Published
2019-02-15 18:00
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
References
URL | Tags |
---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 | x_refsource_MISC |
https://launchpad.support.sap.com/#/notes/2728839 | x_refsource_MISC |
http://www.securityfocus.com/bid/106999 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version |
---|---|---|
SAP SE | ABAP Platform(SAP Basis) | < from 7.0 to 7.02; < from 7.10 to 7.11; < 7.30; < 7.31; < 7.40; < from 7.50 to 7.53; < from 7.74 to 7.75 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:44:16.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2728839" }, { "name": "106999", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106999" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ABAP Platform(SAP Basis)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c from 7.0 to 7.02" }, { "status": "affected", "version": "\u003c from 7.10 to 7.11" }, { "status": "affected", "version": "\u003c 7.30" }, { "status": "affected", "version": "\u003c 7.31" }, { "status": "affected", "version": "\u003c 7.40" }, { "status": "affected", "version": "\u003c from 7.50 to 7.53" }, { "status": "affected", "version": "\u003c from 7.74 to 7.75" } ] } ], "datePublic": "2019-02-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Missing Authorization Check", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-16T10:57:01", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/2728839" }, { "name": "106999", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106999" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0257", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ABAP Platform(SAP Basis)", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "from 7.0 to 7.02" }, { "version_name": "\u003c", "version_value": "from 7.10 to 7.11" }, { "version_name": "\u003c", "version_value": "7.30" }, { "version_name": "\u003c", "version_value": "7.31" }, { "version_name": "\u003c", "version_value": "7.40" }, { "version_name": "\u003c", "version_value": "from 7.50 to 7.53" }, { "version_name": "\u003c", "version_value": "from 7.74 to 7.75" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Missing Authorization Check" } ] } ] }, "references": { "reference_data": [ { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943" }, { "name": "https://launchpad.support.sap.com/#/notes/2728839", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2728839" }, { "name": "106999", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106999" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0257", "datePublished": "2019-02-15T18:00:00", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:44:16.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27607
Vulnerability from cvelistv5
Published
2021-06-09 00:00
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
References
Impacted products
Vendor | Product | Version |
---|---|---|
SAP SE | SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher) | < KRNL32NUC - 7.22; < 7.22EXT; < KRNL32UC - 7.22; < KRNL64NUC - 7.22; < 7.49; < KRNL64UC - 8.04; < 7.22; < 7.53; < 7.73; < KERNEL - 7.22; < 8.04; < 7.77; < 7.81; < 7.82; < 7.83 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:09.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "tags": [ "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/3021197" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c KRNL32NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c KRNL32UC - 7.22" }, { "status": "affected", "version": "\u003c KRNL64NUC - 7.22" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": "affected", "version": "\u003c KRNL64UC - 8.04" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.73" }, { "status": "affected", "version": "\u003c KERNEL - 7.22" }, { "status": "affected", "version": "\u003c 8.04" }, { "status": "affected", "version": "\u003c 7.77" }, { "status": "affected", "version": "\u003c 7.81" }, { "status": "affected", "version": "\u003c 7.82" }, { "status": "affected", "version": "\u003c 7.83" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. 
In this attack, no data in the system can be viewed or modified." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "Improper Input Validation (CWE-476)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-17T00:00:00", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999" }, { "url": "https://launchpad.support.sap.com/#/notes/3021197" } ] } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2021-27607", "datePublished": "2021-06-09T00:00:00", "dateReserved": "2021-02-23T00:00:00", "dateUpdated": "2024-08-03T21:26:09.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }