33 vulnerabilities found for sap_kernel by sap
FKIE_CVE-2019-0365
Vulnerability from fkie_nvd - Published: 2019-09-10 17:15 - Updated: 2024-11-21 04:16
Severity ?
Summary
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL64UC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73; and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76; SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6; and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
References
| Source | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2786151 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2786151 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 7.21 | |
| sap | sap_kernel | 7.49 | |
| sap | sap_kernel | 7.53 | |
| sap | sap_kernel | 7.73 | |
| sap | sap_kernel | 7.76 | |
| sap | sap_kernel_krnl32nuc | 7.21 | |
| sap | sap_kernel_krnl32nuc | 7.21ext | |
| sap | sap_kernel_krnl32nuc | 7.22 | |
| sap | sap_kernel_krnl32nuc | 7.22ext | |
| sap | sap_kernel_krnl32uc | 7.21 | |
| sap | sap_kernel_krnl32uc | 7.21ext | |
| sap | sap_kernel_krnl32uc | 7.22 | |
| sap | sap_kernel_krnl32uc | 7.22ext | |
| sap | sap_kernel_krnl64nuc | 7.21 | |
| sap | sap_kernel_krnl64nuc | 7.21ext | |
| sap | sap_kernel_krnl64nuc | 7.22 | |
| sap | sap_kernel_krnl64nuc | 7.22ext | |
| sap | sap_kernel_krnl64uc | 7.21 | |
| sap | sap_kernel_krnl64uc | 7.21ext | |
| sap | sap_kernel_krnl64uc | 7.22 | |
| sap | sap_kernel_krnl64uc | 7.22ext | |
| sap | sap_kernel_krnl64uc | 7.49 | |
| sap | sap_kernel_krnl64uc | 7.73 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7EA62C-67A6-4971-AC33-D5A3D390CE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DC3DD5-36D6-462E-BD41-E1EDB5843A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.76:*:*:*:*:*:*:*",
"matchCriteriaId": "CDE0BD24-5846-4C18-BC80-3C20C10DBCB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D3942B-2628-4DBE-A45E-BB0B7720611F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "453954CC-8BC4-44FA-B398-EEFB9E753219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "07F567A3-D352-45CC-9FD9-A527C00AC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "7E606FEC-E678-470A-8CFF-EA23A7B18E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl32uc:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F36AED-EBEC-4829-BE19-4C21A42A8333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl32uc:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BA2FE6-9AAC-421F-80F1-C1A10F7412AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl32uc:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE57B68-EB51-4FA3-9E1B-6F2F5ABEBA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl32uc:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "9B30BF5A-F8C3-42FE-A6F3-26AE4AFCE1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "55056F3E-ADB1-4C8A-B26B-635647BC62FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "C799F460-05EF-4639-80FF-FD46A44FE225",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BED67005-0801-4F04-9657-EBEC88ABB5A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "397FD4D5-A263-4366-A39F-20BECC22AB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8F057A-C567-488B-9C04-0E40B0C97954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "68A9472A-A1E8-487C-B0C2-0F61D48C3766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "DE184F25-627E-4C8A-98D2-2EB0E9D2D96F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "A0BE71FB-A9E3-4CEC-A3B4-98B11DCD6B7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "8952A720-B281-4265-B659-4DEE5F0BD257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "709E6F88-14EA-4669-AEA5-C9C699428733",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
},
{
"lang": "es",
"value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC y KRNL64NUC versiones anteriores a 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, versiones anteriores a 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 y KERNEL versiones anteriores a 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) versiones anteriores a 7.5, 7.6 y SAP GUI para Java (BC-FES-JAV) anteriores a versi\u00f3n 7.5, permiten a un atacante impedir que usuarios leg\u00edtimos accedan a un servicio, ya sea mediante el bloqueo o la inundaci\u00f3n del servicio."
}
],
"id": "CVE-2019-0365",
"lastModified": "2024-11-21T04:16:44.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-10T17:15:11.330",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2786151"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2786151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-0271
Vulnerability from fkie_nvd - Published: 2019-03-12 22:29 - Updated: 2024-11-21 04:16
Severity ?
Summary
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | advanced_business_application_programming_platform | - | |
| sap | advanced_business_application_programming_server | * | |
| sap | advanced_business_application_programming_server | * | |
| sap | sap_kernel | 7.21 | |
| sap | sap_kernel | 7.22 | |
| sap | sap_kernel | 7.45 | |
| sap | sap_kernel | 7.49 | |
| sap | sap_kernel | 7.53 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F4E561-9FA1-445C-822A-F46AA9AEA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEE02B80-95AF-4B35-B2CF-EE90B32DA3BA",
"versionEndIncluding": "7.31",
"versionStartIncluding": "7.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:advanced_business_application_programming_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "099C5E3A-0C59-437A-8353-441A5A059D16",
"versionEndIncluding": "7.52",
"versionStartIncluding": "7.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*",
"matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7EA62C-67A6-4971-AC33-D5A3D390CE52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below."
},
{
"lang": "es",
"value": "El servidor ABAP (utilizado en NetWeaver y Suite / ERP) y la plataforma ABAP no validan suficientemente un documento XML aceptado de una fuente no segura, lo que genera una vulnerabilidad de entidad externa XML (XEE). Se corrigi\u00f3 en Kernel 7.21 o 7.22, que es el Servidor ABAP 7.00 a 7.31 y Kernel 7.45, 7.49 o 7.53, que es el Servidor ABAP 7.40 a 7.52 o la Plataforma ABAP. Para actualizaciones m\u00e1s recientes, consulte la Nota de seguridad 2870067 (que reemplaza la soluci\u00f3n de la Nota de seguridad 2736825) en la secci\u00f3n de referencia a continuaci\u00f3n."
}
],
"id": "CVE-2019-0271",
"lastModified": "2024-11-21T04:16:36.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-12T22:29:00.487",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/107355"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2736825"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2870067"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/107355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2736825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2870067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-2441
Vulnerability from fkie_nvd - Published: 2018-08-14 16:29 - Updated: 2024-11-21 04:03
Severity ?
Summary
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.
References
| Source | URL | Tags | |
|---|---|---|---|
| cna@sap.com | http://www.securityfocus.com/bid/105090 | Third Party Advisory, VDB Entry | |
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2671160 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105090 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2671160 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 7.21 | |
| sap | sap_kernel | 7.21ext | |
| sap | sap_kernel | 7.22 | |
| sap | sap_kernel | 7.22ext | |
| sap | sap_kernel | 7.45 | |
| sap | sap_kernel | 7.49 | |
| sap | sap_kernel | 7.53 | |
| sap | sap_kernel | 7.73 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "168D38D8-CE37-4FF4-B089-DCBB0D5A3387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "56247321-E033-4097-A176-BE71DEBD5920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*",
"matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7EA62C-67A6-4971-AC33-D5A3D390CE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.73:*:*:*:*:*:*:*",
"matchCriteriaId": "C2DC3DD5-36D6-462E-BD41-E1EDB5843A8A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted."
},
{
"lang": "es",
"value": "En ciertas condiciones, SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 y 7.73, permiten que un atacante transporte informaci\u00f3n que, de otra forma, estar\u00eda restringida."
}
],
"id": "CVE-2018-2441",
"lastModified": "2024-11-21T04:03:49.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-14T16:29:00.553",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105090"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2671160"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2671160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-2433
Vulnerability from fkie_nvd - Published: 2018-07-10 18:29 - Updated: 2024-11-21 04:03
Severity ?
Summary
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
References
| Source | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2597913 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2597913 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 7.21 | |
| sap | sap_kernel | 7.21ext | |
| sap | sap_kernel | 7.22 | |
| sap | sap_kernel | 7.22ext | |
| sap | sap_kernel | 7.45 | |
| sap | sap_kernel | 7.49 | |
| sap | sap_kernel | 7.53 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "168D38D8-CE37-4FF4-B089-DCBB0D5A3387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "56247321-E033-4097-A176-BE71DEBD5920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*",
"matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.53:*:*:*:*:*:*:*",
"matchCriteriaId": "306EBEDB-BF90-46C5-99B1-C7ADAF1B8611",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
},
{
"lang": "es",
"value": "SAP Gateway (SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.53) permite que un atacante evite que usuarios leg\u00edtimos accedan a un servicio, ya sea inund\u00e1ndolo o provocando su cierre inesperado."
}
],
"id": "CVE-2018-2433",
"lastModified": "2024-11-21T04:03:48.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-10T18:29:00.907",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2597913"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2597913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-2360
Vulnerability from fkie_nvd - Published: 2018-01-09 15:29 - Updated: 2024-11-21 04:03
Severity ?
Summary
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
References
| Source | URL | Tags | |
|---|---|---|---|
| cna@sap.com | http://www.securityfocus.com/bid/102448 | Third Party Advisory, VDB Entry | |
| cna@sap.com | https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ | Vendor Advisory | |
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2523961 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102448 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2523961 | Permissions Required |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 7.45 | |
| sap | sap_kernel | 7.49 | |
| sap | sap_kernel | 7.52 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.45:*:*:*:*:*:*:*",
"matchCriteriaId": "F42A1C8B-C830-4DA0-BEE6-04E3FF744FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72873D-9926-40CA-B33E-8AF0FAAFF45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "42D5F7BF-A95A-49AE-A962-DBF53181E2E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage."
},
{
"lang": "es",
"value": "SAP Startup Service y SAP KERNEL, en versiones 7.45, 7.49 y 7.52 no tienen comprobaci\u00f3n de autenticaci\u00f3n para funcionalidades que requieran la identidad del usuario y provoquen el consumo del almacenamiento del sistema de archivos."
}
],
"id": "CVE-2018-2360",
"lastModified": "2024-11-21T04:03:40.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-09T15:29:00.213",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102448"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2523961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/2523961"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-16679
Vulnerability from fkie_nvd - Published: 2017-12-12 14:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
References
| Source | URL | Tags | |
|---|---|---|---|
| cna@sap.com | http://www.securityfocus.com/bid/102157 | Third Party Advisory, VDB Entry | |
| cna@sap.com | https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | Issue Tracking, Vendor Advisory | |
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2520995 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102157 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2520995 | Permissions Required, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 7.21 | |
| sap | sap_kernel | 7.21ext | |
| sap | sap_kernel | 7.22 | |
| sap | sap_kernel | 7.22ext | |
| sap | sap_kernel | 7.45 | |
| sap | sap_kernel | 7.49 | |
| sap | sap_kernel | 7.52 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "157D157A-6B01-478F-A7B9-D0FAD0636DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "63A2F363-A557-429E-97B2-0DFBC93F2C22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BB51CE2C-7E65-4214-B14B-19593BE9F26E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "F41CD116-6BDD-432D-A194-316AB42A6ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.45:*:*:*:*:*:*:*",
"matchCriteriaId": "F42A1C8B-C830-4DA0-BEE6-04E3FF744FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "AF72873D-9926-40CA-B33E-8AF0FAAFF45C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sap:sap_kernel:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "42D5F7BF-A95A-49AE-A962-DBF53181E2E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "URL redirection vulnerability in SAP\u0027s Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL en SAP Startup Service; SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.52, que permite que un atacante redirija usuarios a un sitio malicioso."
}
],
"id": "CVE-2017-16679",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-12T14:29:00.233",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102157"
},
{
"source": "cna@sap.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2520995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2520995"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-16689
Vulnerability from fkie_nvd - Published: 2017-12-12 14:29 - Updated: 2025-04-20 01:37
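Severity: 8.8 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); CVSS v2 base score 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P). Source: nvd@nist.gov, Primary.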
Summary
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
References
| URL | Tags | ||
|---|---|---|---|
| cna@sap.com | http://www.securityfocus.com/bid/102144 | Third Party Advisory, VDB Entry | |
| cna@sap.com | https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | Issue Tracking, Vendor Advisory | |
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2449757 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102144 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2449757 | Permissions Required, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 7.21 | |
| sap | sap_kernel | 7.21ext | |
| sap | sap_kernel | 7.22 | |
| sap | sap_kernel | 7.22ext | |
| sap | sap_kernel | 7.45 | |
| sap | sap_kernel | 7.49 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*",
"matchCriteriaId": "168D38D8-CE37-4FF4-B089-DCBB0D5A3387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*",
"matchCriteriaId": "56247321-E033-4097-A176-BE71DEBD5920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*",
"matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*",
"matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined."
},
{
"lang": "es",
"value": "Una conexi\u00f3n RFC fiable en SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL desde la versi\u00f3n 7.21 hasta la 7.22, 7.45, 7.49, puede establecerse para un cliente o usuario diferentes en el mismo sistema aunque no se haya definido una relaci\u00f3n Trusted/Trusting expl\u00edcita con el mismo sistema."
}
],
"id": "CVE-2017-16689",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-12T14:29:00.640",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102144"
},
{
"source": "cna@sap.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2449757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://launchpad.support.sap.com/#/notes/2449757"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5997
Vulnerability from fkie_nvd - Published: 2017-02-15 19:59 - Updated: 2025-04-20 01:37
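Severity: 7.5 HIGH (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); CVSS v2 base score 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P). Source: nvd@nist.gov, Primary.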
Summary
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 7.21 | |
| sap | sap_kernel | 7.22 | |
| sap | sap_kernel | 7.42 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.42:*:*:*:*:*:*:*",
"matchCriteriaId": "C5C08BB4-AF7D-4609-A892-3FE34AF27F44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972."
},
{
"lang": "es",
"value": "El demonio de SAP Message Server HTTP en SAP KERNEL 7.21-7.49 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda de proceso) a trav\u00e9s de m\u00faltiples solicitudes msgserver/group?group= con un tama\u00f1o manipulado del par\u00e1metro de grupo, vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2358972."
}
],
"id": "CVE-2017-5997",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-15T19:59:01.330",
"references": [
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9595
Vulnerability from fkie_nvd - Published: 2015-01-15 15:59 - Updated: 2025-04-12 10:46
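Severity: CVSS v2 base score 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P); the record carries no CVSS v3 metric. Source: nvd@nist.gov, Primary.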
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 7.00 | |
| sap | sap_kernel | 7.40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.00:*:*:*:*:*:x86:*",
"matchCriteriaId": "F424D2BC-63D1-49D9-9DF7-DE2F34DEED24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.40:*:*:*:*:*:x64:*",
"matchCriteriaId": "AD16EF24-86FF-43A3-87EF-E5977CDA140E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en SAP NetWeaver Dispatcher en SAP Kernel 7.00 de 32 bits y 7.40 de 64 bits permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, relacionado con Spool System, tambi\u00e9n conocido como SAP Nota 2061271."
}
],
"id": "CVE-2014-9595",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-15T15:59:25.763",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62150"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-9594
Vulnerability from fkie_nvd - Published: 2015-01-15 15:59 - Updated: 2025-04-12 10:46
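Severity: CVSS v2 base score 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P); the record carries no CVSS v3 metric. Source: nvd@nist.gov, Primary.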
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sap_kernel | 7.00 | |
| sap | sap_kernel | 7.40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.00:*:*:*:*:*:x86:*",
"matchCriteriaId": "F424D2BC-63D1-49D9-9DF7-DE2F34DEED24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sap_kernel:7.40:*:*:*:*:*:x64:*",
"matchCriteriaId": "AD16EF24-86FF-43A3-87EF-E5977CDA140E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en SAP NetWeaver Dispatcher en SAP Kernel 7.00 de 32 bits y 7.40 de 64 bits permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, relacionado con el VM ABAP, tambi\u00e9n conocido como SAP Nota 2059734."
}
],
"id": "CVE-2014-9594",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-15T15:59:24.687",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62150"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"source": "cve@mitre.org",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-0365 (GCVE-0-2019-0365)
Vulnerability from cvelistv5 – Published: 2019-09-10 16:15 – Updated: 2024-08-04 17:44
Summary
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL64UC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73; and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76; SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6; and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Severity ?
No CVSS data available.
CWE
- Denial of Service
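Assigner: sap
References
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2786151 | x_refsource_MISC |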
Impacted products
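| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP Kernel (KRNL32NUC) | Affected: < 7.21; < 7.21EXT; < 7.22; < 7.22EXT |
| SAP SE | SAP Kernel (KRNL32UC) | Affected: < 7.21; < 7.21EXT; < 7.22; < 7.22EXT |
| SAP SE | SAP Kernel (KRNL64NUC) | Affected: < 7.21; < 7.21EXT; < 7.22; < 7.22EXT; < 7.49 |
| SAP SE | SAP Kernel (KRNL64UC) | Affected: < 7.21; < 7.21EXT; < 7.22; < 7.22EXT; < 7.49; < 7.73 |
| SAP SE | SAP Kernel (KERNEL) | Affected: < 7.21; < 7.49; < 7.53; < 7.73; < 7.76 |
| SAP SE | SAP GUI for Windows (BC-FES-GUI) | Affected: < 7.5; < 7.6 |
| SAP SE | SAP GUI for Java (BC-FES-JAV) | Affected: < 7.5 |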
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2786151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Kernel (KRNL32NUC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
}
]
},
{
"product": "SAP Kernel (KRNL32UC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
}
]
},
{
"product": "SAP Kernel (KRNL64NUC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c 7.49"
}
]
},
{
"product": "SAP Kernel (KRNL64UC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c 7.73"
}
]
},
{
"product": "SAP Kernel (KERNEL)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c 7.53"
},
{
"status": "affected",
"version": "\u003c 7.73"
},
{
"status": "affected",
"version": "\u003c 7.76"
}
]
},
{
"product": "SAP GUI for Windows (BC-FES-GUI)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.5"
},
{
"status": "affected",
"version": "\u003c 7.6"
}
]
},
{
"product": "SAP GUI for Java (BC-FES-JAV)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T16:15:26",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2786151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Kernel (KRNL32NUC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP Kernel (KRNL32UC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP Kernel (KRNL64NUC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
}
]
}
},
{
"product_name": "SAP Kernel (KRNL64UC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.73"
}
]
}
},
{
"product_name": "SAP Kernel (KERNEL)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.53"
},
{
"version_name": "\u003c",
"version_value": "7.73"
},
{
"version_name": "\u003c",
"version_value": "7.76"
}
]
}
},
{
"product_name": "SAP GUI for Windows (BC-FES-GUI)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.5"
},
{
"version_name": "\u003c",
"version_value": "7.6"
}
]
}
},
{
"product_name": "SAP GUI for Java (BC-FES-JAV)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.5"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2786151",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2786151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0365",
"datePublished": "2019-09-10T16:15:26",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:16.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0271 (GCVE-0-2019-0271)
Vulnerability from cvelistv5 – Published: 2019-03-12 22:00 – Updated: 2024-08-04 17:44
Summary
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.
Severity ?
No CVSS data available.
CWE
- XML External Entity (XXE)
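Assigner: sap
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107355 | vdb-entry, x_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2870067 | x_refsource_CONFIRM |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2736825 | x_refsource_CONFIRM |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 | x_refsource_CONFIRM |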
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | ABAP Server | Affected: < from 7.00 to 7.31 |
| SAP SE | ABAP Server & Platform | Affected: < from 7.40 to 7.52 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2870067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2736825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABAP Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c from 7.00 to 7.31"
}
]
},
{
"product": "ABAP Server \u0026 Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c from 7.40 to 7.52"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T19:38:45",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "107355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2870067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2736825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABAP Server",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "from 7.00 to 7.31"
}
]
}
},
{
"product_name": "ABAP Server \u0026 Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "from 7.40 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107355"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2870067",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2870067"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2736825",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2736825"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0271",
"datePublished": "2019-03-12T22:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:16.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2441 (GCVE-0-2018-2441)
Vulnerability from cvelistv5 – Published: 2018-08-14 16:00 – Updated: 2024-08-05 04:21
Summary
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
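| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/105090 | vdb-entry, x_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2671160 | x_refsource_MISC |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742 | x_refsource_CONFIRM |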
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP | SAP Change and Transport System (ABAP) | Affected: SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Affected: SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Affected: SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Affected: SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Affected: SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:33.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2671160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Change and Transport System (ABAP)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73"
}
]
}
],
"datePublic": "2018-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T09:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "105090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2671160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Change and Transport System (ABAP)",
"version": {
"version_data": [
{
"version_name": "SAP KERNEL 32 NUC",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 32 Unicode",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 64 NUC",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 64 Unicode",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL ",
"version_value": "7.21, 7.22, 7.45, 7.49, 7.53 and 7.73"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105090"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2671160",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2671160"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2441",
"datePublished": "2018-08-14T16:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:33.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2433 (GCVE-0-2018-2433)
Vulnerability from cvelistv5 – Published: 2018-07-10 18:00 – Updated: 2024-08-05 04:21
Summary
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
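| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2597913 | x_refsource_MISC |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | x_refsource_CONFIRM |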
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP | SAP Gateway | Affected: SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Affected: SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Affected: SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Affected: SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Affected: SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:33.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2597913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Gateway",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-10T17:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2597913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Gateway",
"version": {
"version_data": [
{
"version_name": "SAP KERNEL 32 NUC",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 32 Unicode",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 64 NUC",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 64 Unicode",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL ",
"version_value": "7.21, 7.22, 7.45, 7.49 and 7.53"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2597913",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2597913"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2433",
"datePublished": "2018-07-10T18:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:33.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2360 (GCVE-0-2018-2360)
Vulnerability from cvelistv5 – Published: 2018-01-09 15:00 – Updated: 2024-08-05 04:14
Summary
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
Severity ?
No CVSS data available.
CWE
- Missing Authentication
Assigner
References
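| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2523961 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/102448 | vdb-entry, x_refsource_BID |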
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP Startup Service | Affected: 7.45<br>Affected: 7.49<br>Affected: 7.52 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2523961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name": "102448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102448"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Startup Service",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.52"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2523961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name": "102448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102448"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Startup Service",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2523961",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2523961"
},
{
"name": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name": "102448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102448"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2360",
"datePublished": "2018-01-09T15:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:14:39.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16679 (GCVE-0-2017-16679)
Vulnerability from cvelistv5 – Published: 2017-12-12 14:00 – Updated: 2024-09-16 17:03
Summary
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
Severity ?
No CVSS data available.
CWE
- URL Redirection
Assigner
References
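| URL | Tags |
|---|---|
| https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/102157 | vdb-entry, x_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2520995 | x_refsource_CONFIRM |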
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP | SAP Startup Service | Affected: SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "102157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2520995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Startup Service",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52."
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "URL redirection vulnerability in SAP\u0027s Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL Redirection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "102157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2520995"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-16679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Startup Service",
"version": {
"version_data": [
{
"version_value": "SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52."
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "URL redirection vulnerability in SAP\u0027s Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "102157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102157"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2520995",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2520995"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2017-16679",
"datePublished": "2017-12-12T14:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-16T17:03:13.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16689 (GCVE-0-2017-16689)
Vulnerability from cvelistv5 – Published: 2017-12-12 14:00 – Updated: 2024-09-17 03:03
Summary
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
Severity ?
No CVSS data available.
CWE
- Additional authentication check in Trusted RFC on same system
Assigner
References
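| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102144 | vdb-entry, x_refsource_BID |
| https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2449757 | x_refsource_CONFIRM |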
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP | Trusted RFC connection | Affected: SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102144",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2449757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trusted RFC connection",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Additional authentication check in Trusted RFC on same system",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "102144",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2449757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-16689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trusted RFC connection",
"version": {
"version_data": [
{
"version_value": "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Additional authentication check in Trusted RFC on same system"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102144"
},
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2449757",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2449757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2017-16689",
"datePublished": "2017-12-12T14:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-17T03:03:01.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5997 (GCVE-0-2017-5997)
Vulnerability from cvelistv5 – Published: 2017-02-15 19:00 – Updated: 2024-08-05 15:18
Summary
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5997",
"datePublished": "2017-02-15T19:00:00",
"dateReserved": "2017-02-15T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9595 (GCVE-0-2014-9595)
Vulnerability from cvelistv5 – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:47
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
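| URL | Tags |
|---|---|
| https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/ | x_refsource_MISC |
| http://secunia.com/advisories/62150 | third-party-advisory, x_refsource_SECUNIA |
| https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/ | x_refsource_MISC |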
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/"
},
{
"name": "62150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62150"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/"
},
{
"name": "62150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62150"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/"
},
{
"name": "62150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62150"
},
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9595",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-15T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9594 (GCVE-0-2014-9594)
Vulnerability from cvelistv5 – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:47
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62150"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62150"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62150"
},
{
"name": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9594",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-15T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0365 (GCVE-0-2019-0365)
Vulnerability from nvd – Published: 2019-09-10 16:15 – Updated: 2024-08-04 17:44
Summary
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL64UC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73; KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76; SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6; and SAP GUI for Java (BC-FES-JAV) before version 7.5 allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
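| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP Kernel (KRNL32NUC) | Affected: < 7.21; Affected: < 7.21EXT; Affected: < 7.22; Affected: < 7.22EXT |
| SAP SE | SAP Kernel (KRNL32UC) | Affected: < 7.21; Affected: < 7.21EXT; Affected: < 7.22; Affected: < 7.22EXT |
| SAP SE | SAP Kernel (KRNL64NUC) | Affected: < 7.21; Affected: < 7.21EXT; Affected: < 7.22; Affected: < 7.22EXT; Affected: < 7.49 |
| SAP SE | SAP Kernel (KRNL64UC) | Affected: < 7.21; Affected: < 7.21EXT; Affected: < 7.22; Affected: < 7.22EXT; Affected: < 7.49; Affected: < 7.73 |
| SAP SE | SAP Kernel (KERNEL) | Affected: < 7.21; Affected: < 7.49; Affected: < 7.53; Affected: < 7.73; Affected: < 7.76 |
| SAP SE | SAP GUI for Windows (BC-FES-GUI) | Affected: < 7.5; Affected: < 7.6 |
| SAP SE | SAP GUI for Java (BC-FES-JAV) | Affected: < 7.5 |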
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2786151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Kernel (KRNL32NUC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
}
]
},
{
"product": "SAP Kernel (KRNL32UC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
}
]
},
{
"product": "SAP Kernel (KRNL64NUC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c 7.49"
}
]
},
{
"product": "SAP Kernel (KRNL64UC)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.21EXT"
},
{
"status": "affected",
"version": "\u003c 7.22"
},
{
"status": "affected",
"version": "\u003c 7.22EXT"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c 7.73"
}
]
},
{
"product": "SAP Kernel (KERNEL)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.21"
},
{
"status": "affected",
"version": "\u003c 7.49"
},
{
"status": "affected",
"version": "\u003c 7.53"
},
{
"status": "affected",
"version": "\u003c 7.73"
},
{
"status": "affected",
"version": "\u003c 7.76"
}
]
},
{
"product": "SAP GUI for Windows (BC-FES-GUI)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.5"
},
{
"status": "affected",
"version": "\u003c 7.6"
}
]
},
{
"product": "SAP GUI for Java (BC-FES-JAV)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-10T16:15:26",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2786151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Kernel (KRNL32NUC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP Kernel (KRNL32UC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP Kernel (KRNL64NUC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
}
]
}
},
{
"product_name": "SAP Kernel (KRNL64UC)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.21EXT"
},
{
"version_name": "\u003c",
"version_value": "7.22"
},
{
"version_name": "\u003c",
"version_value": "7.22EXT"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.73"
}
]
}
},
{
"product_name": "SAP Kernel (KERNEL)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.21"
},
{
"version_name": "\u003c",
"version_value": "7.49"
},
{
"version_name": "\u003c",
"version_value": "7.53"
},
{
"version_name": "\u003c",
"version_value": "7.73"
},
{
"version_name": "\u003c",
"version_value": "7.76"
}
]
}
},
{
"product_name": "SAP GUI for Windows (BC-FES-GUI)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.5"
},
{
"version_name": "\u003c",
"version_value": "7.6"
}
]
}
},
{
"product_name": "SAP GUI for Java (BC-FES-JAV)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.5"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2786151",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2786151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0365",
"datePublished": "2019-09-10T16:15:26",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:16.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0271 (GCVE-0-2019-0271)
Vulnerability from nvd – Published: 2019-03-12 22:00 – Updated: 2024-08-04 17:44
Summary
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22 (that is, ABAP Server 7.00 to 7.31) and in Kernel 7.45, 7.49 or 7.53 (that is, ABAP Server 7.40 to 7.52 or ABAP Platform). For more recent updates, please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.
Severity ?
No CVSS data available.
CWE
- XML External Entity (XXE)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | ABAP Server | Affected: < from 7.00 to 7.31 |
| SAP SE | ABAP Server & Platform | Affected: < from 7.40 to 7.52 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:44:16.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2870067"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2736825"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ABAP Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c from 7.00 to 7.31"
}
]
},
{
"product": "ABAP Server \u0026 Platform",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c from 7.40 to 7.52"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T19:38:45",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "107355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2870067"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2736825"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2019-0271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABAP Server",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "from 7.00 to 7.31"
}
]
}
},
{
"product_name": "ABAP Server \u0026 Platform",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "from 7.40 to 7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107355"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2870067",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2870067"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2736825",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2736825"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2019-0271",
"datePublished": "2019-03-12T22:00:00",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:44:16.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2441 (GCVE-0-2018-2441)
Vulnerability from nvd – Published: 2018-08-14 16:00 – Updated: 2024-08-05 04:21
Summary
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP | SAP Change and Transport System (ABAP) | Affected: SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT; Affected: SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; Affected: SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT; Affected: SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; Affected: SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:33.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105090",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105090"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2671160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Change and Transport System (ABAP)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73"
}
]
}
],
"datePublic": "2018-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-16T09:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "105090",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105090"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2671160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Change and Transport System (ABAP)",
"version": {
"version_data": [
{
"version_name": "SAP KERNEL 32 NUC",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 32 Unicode",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 64 NUC",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 64 Unicode",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL ",
"version_value": "7.21, 7.22, 7.45, 7.49, 7.53 and 7.73"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105090"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2671160",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2671160"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2441",
"datePublished": "2018-08-14T16:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:33.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2433 (GCVE-0-2018-2433)
Vulnerability from nvd – Published: 2018-07-10 18:00 – Updated: 2024-08-05 04:21
Summary
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP | SAP Gateway | Affected: SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT; Affected: SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; Affected: SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT; Affected: SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; Affected: SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:33.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2597913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Gateway",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"status": "affected",
"version": "SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-10T17:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2597913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Gateway",
"version": {
"version_data": [
{
"version_name": "SAP KERNEL 32 NUC",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 32 Unicode",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 64 NUC",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL 64 Unicode",
"version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT"
},
{
"version_name": "SAP KERNEL ",
"version_value": "7.21, 7.22, 7.45, 7.49 and 7.53"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2597913",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2597913"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2433",
"datePublished": "2018-07-10T18:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:33.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2360 (GCVE-0-2018-2360)
Vulnerability from nvd – Published: 2018-01-09 15:00 – Updated: 2024-08-05 04:14
Summary
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
Severity ?
No CVSS data available.
CWE
- Missing Authentication
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP Startup Service | Affected: 7.45; Affected: 7.49; Affected: 7.52 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2523961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name": "102448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102448"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Startup Service",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.52"
}
]
}
],
"datePublic": "2018-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-11T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2523961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name": "102448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102448"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Startup Service",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.52"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2523961",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2523961"
},
{
"name": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name": "102448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102448"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2360",
"datePublished": "2018-01-09T15:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:14:39.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16679 (GCVE-0-2017-16679)
Vulnerability from nvd – Published: 2017-12-12 14:00 – Updated: 2024-09-16 17:03
Summary
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
Severity ?
No CVSS data available.
CWE
- URL Redirection
Assigner
References
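| URL | Tags |
|---|---|
| https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/102157 | vdb-entry, x_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2520995 | x_refsource_CONFIRM |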
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP | SAP Startup Service | Affected: SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "102157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2520995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Startup Service",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52."
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "URL redirection vulnerability in SAP\u0027s Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL Redirection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "102157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2520995"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-16679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Startup Service",
"version": {
"version_data": [
{
"version_value": "SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52."
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "URL redirection vulnerability in SAP\u0027s Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "102157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102157"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2520995",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2520995"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2017-16679",
"datePublished": "2017-12-12T14:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-16T17:03:13.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16689 (GCVE-0-2017-16689)
Vulnerability from nvd – Published: 2017-12-12 14:00 – Updated: 2024-09-17 03:03
Summary
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
Severity ?
No CVSS data available.
CWE
- Additional authentication check in Trusted RFC on same system
Assigner
References
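| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102144 | vdb-entry, x_refsource_BID |
| https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | x_refsource_CONFIRM |
| https://launchpad.support.sap.com/#/notes/2449757 | x_refsource_CONFIRM |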
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SAP | Trusted RFC connection | Affected: SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102144",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2449757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trusted RFC connection",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Additional authentication check in Trusted RFC on same system",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-13T10:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "102144",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2449757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-16689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trusted RFC connection",
"version": {
"version_data": [
{
"version_value": "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Additional authentication check in Trusted RFC on same system"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102144"
},
{
"name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2449757",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2449757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2017-16689",
"datePublished": "2017-12-12T14:00:00Z",
"dateReserved": "2017-11-09T00:00:00",
"dateUpdated": "2024-09-17T03:03:01.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5997 (GCVE-0-2017-5997)
Vulnerability from nvd – Published: 2017-02-15 19:00 – Updated: 2024-08-05 15:18
Summary
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-5997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-5997",
"datePublished": "2017-02-15T19:00:00",
"dateReserved": "2017-02-15T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9595 (GCVE-0-2014-9595)
Vulnerability from nvd – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:47
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
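| URL | Tags |
|---|---|
| https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/ | x_refsource_MISC |
| http://secunia.com/advisories/62150 | third-party-advisory, x_refsource_SECUNIA |
| https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/ | x_refsource_MISC |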
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/"
},
{
"name": "62150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62150"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/"
},
{
"name": "62150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62150"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/"
},
{
"name": "62150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62150"
},
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9595",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-15T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9594 (GCVE-0-2014-9594)
Vulnerability from nvd – Published: 2015-01-15 15:00 – Updated: 2024-08-06 13:47
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
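| URL | Tags |
|---|---|
| http://secunia.com/advisories/62150 | third-party-advisory, x_refsource_SECUNIA |
| https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/ | x_refsource_MISC |
| https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/ | x_refsource_MISC |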
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62150"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-10T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62150",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62150"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62150"
},
{
"name": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/"
},
{
"name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/",
"refsource": "MISC",
"url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9594",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-15T00:00:00",
"dateUpdated": "2024-08-06T13:47:41.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}