Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-42063 (GCVE-0-2021-42063)
Vulnerability from cvelistv5 – Published: 2021-12-14 15:44 – Updated: 2024-08-04 03:22
VLAI?
EPSS
Summary
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/display/PSR/SAP+Sec… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3102769 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2022/Mar/32 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/166369/SAP-K… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Knowledge Warehouse |
Affected:
< 7.30
Affected: < 7.31 Affected: < 7.40 Affected: < 7.50 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3102769"
},
{
"name": "20220320 [CVE-2021-42063] SAP Knowledge Warehouse \u003c= 7.50 \"SAPIrExtHelp\" Reflected XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Knowledge Warehouse",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 7.30"
},
{
"status": "affected",
"version": "\u003c 7.31"
},
{
"status": "affected",
"version": "\u003c 7.40"
},
{
"status": "affected",
"version": "\u003c 7.50"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T18:06:06.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3102769"
},
{
"name": "20220320 [CVE-2021-42063] SAP Knowledge Warehouse \u003c= 7.50 \"SAPIrExtHelp\" Reflected XSS",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-42063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Knowledge Warehouse",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3102769",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3102769"
},
{
"name": "20220320 [CVE-2021-42063] SAP Knowledge Warehouse \u003c= 7.50 \"SAPIrExtHelp\" Reflected XSS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/32"
},
{
"name": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2021-42063",
"datePublished": "2021-12-14T15:44:11.000Z",
"dateReserved": "2021-10-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:22:25.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-42063",
"date": "2026-05-19",
"epss": "0.40784",
"percentile": "0.97423"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:knowledge_warehouse:7.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E2F8A78-727A-428F-A91A-D299C736AF41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:knowledge_warehouse:7.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69CA04E5-F14D-418B-9A41-D8F6CDCC6AC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:knowledge_warehouse:7.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B617547-83A3-4C1C-840A-EA31A9994258\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:knowledge_warehouse:7.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FB8640F-526F-48AF-ACB7-EAFA4E05BD82\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado una vulnerabilidad de seguridad en SAP Knowledge Warehouse - versiones 7.30, 7.31, 7.40, 7.50. El uso de un componente de SAP KW dentro de un navegador web permite a atacantes no autorizados llevar a cabo ataques de tipo XSS, lo que podr\\u00eda conllevar a revelar datos confidenciales\"}]",
"id": "CVE-2021-42063",
"lastModified": "2024-11-21T06:27:10.413",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-12-14T16:15:09.260",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html\", \"source\": \"cna@sap.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Mar/32\", \"source\": \"cna@sap.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3102769\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Mar/32\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/3102769\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-42063\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2021-12-14T16:15:09.260\",\"lastModified\":\"2024-11-21T06:27:10.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado una vulnerabilidad de seguridad en SAP Knowledge Warehouse - versiones 7.30, 7.31, 7.40, 7.50. El uso de un componente de SAP KW dentro de un navegador web permite a atacantes no autorizados llevar a cabo ataques de tipo XSS, lo que podr\u00eda conllevar a revelar datos confidenciales\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:knowledge_warehouse:7.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2F8A78-727A-428F-A91A-D299C736AF41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:knowledge_warehouse:7.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69CA04E5-F14D-418B-9A41-D8F6CDCC6AC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:knowledge_warehouse:7.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B617547-83A3-4C1C-840A-EA31A9994258\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:knowledge_warehouse:7.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FB8640F-526F-48AF-ACB7-EAFA4E05BD82\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Mar/32\",\"source\":\"cna@sap.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3102769\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Mar/32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/3102769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-948
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP UI 700 version 2.0 | ||
| SAP | N/A | SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750 | ||
| SAP | N/A | SAP UI versions 7.5, 7.51, 7.52, 7.53 et 7.54 | ||
| SAP | N/A | SAP Business Client version 6.5 | ||
| SAP | N/A | SAP S/4HANA versions 1511, 1610, 1709, 1809, 1909, 2020 et 2021 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer version 9 | ||
| SAP | N/A | SAP Commerce version 2001 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105 et 2011 | ||
| SAP | N/A | SAP Landscape Transformation version 2.0 | ||
| SAP | N/A | SAF-T Framework versions SAP_FIN 617, 618, 720, 730, SAP_APPL 600, 602, 603, 604, 605, 606, S4CORE 102, 103, 104 et 105 | ||
| SAP | N/A | SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83 | ||
| SAP | N/A | SAP LTRS for S/4HANA version 1.0 | ||
| SAP | N/A | SAP Test Data Migration Server version 4.0 | ||
| SAP | Replication Server | SAP LT Replication Server versions 2.0 et 3.0 | ||
| SAP | N/A | SAP Business One version 10 | ||
| SAP | N/A | SAP ABAP Server & ABAP Platform (Translation Tools) versions 701, 740,750,751,752,753,754,755,756 et 804 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform version 420 | ||
| SAP | N/A | SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP UI 700 version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP UI versions 7.5, 7.51, 7.52, 7.53 et 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client version 6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA versions 1511, 1610, 1709, 1809, 1909, 2020 et 2021",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce version 2001",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105 et 2011",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Landscape Transformation version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAF-T Framework versions SAP_FIN 617, 618, 720, 730, SAP_APPL 600, 602, 603, 604, 605, 606, S4CORE 102, 103, 104 et 105",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP LTRS for S/4HANA version 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Test Data Migration Server version 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP LT Replication Server versions 2.0 et 3.0",
"product": {
"name": "Replication Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP ABAP Server \u0026 ABAP Platform (Translation Tools) versions 701, 740,750,751,752,753,754,755,756 et 804",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform version 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"name": "CVE-2021-44233",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44233"
},
{
"name": "CVE-2021-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42063"
},
{
"name": "CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"name": "CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"name": "CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"name": "CVE-2021-38176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38176"
},
{
"name": "CVE-2021-44231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44231"
},
{
"name": "CVE-2019-0388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0388"
},
{
"name": "CVE-2021-44235",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44235"
},
{
"name": "CVE-2021-42061",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42061"
},
{
"name": "CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"name": "CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"name": "CVE-2021-33683",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33683"
},
{
"name": "CVE-2021-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42069"
},
{
"name": "CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"name": "CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"name": "CVE-2021-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42070"
},
{
"name": "CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"name": "CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"name": "CVE-2021-42064",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42064"
},
{
"name": "CVE-2021-44232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44232"
},
{
"name": "CVE-2021-42068",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42068"
},
{
"name": "CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"name": "CVE-2021-42066",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42066"
},
{
"name": "CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-948",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 14 d\u00e9cembre 2021",
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
}
]
}
CERTFR-2022-AVI-819
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420, 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (CMC) versions 430 | ||
| SAP | N/A | SAP Access Control version 12 | ||
| SAP | N/A | SAP Knowledge Warehouse versions 7.30, 7.31, 7.40, 7.50 | ||
| SAP | N/A | SAP NetWeaverASABAP versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.89, 7.54 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal (KMC) version 7.50 | ||
| SAP | N/A | SAP SuccessFactors attachment API for Mobile Application(Android &iOS) versions antérieures à 8.0.5 | ||
| SAP | N/A | SAP Business One version 10.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420, 430 | ||
| SAP | N/A | SAP NetWeaverASABAP (SAPGUIfor HTML within the Fiori Launchpad) versions KERNEL 7.77, 7.81, 7.85, 7.89, 7.54 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0, 7.70 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750-756, 787 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (CMC) versions 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Access Control version 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Knowledge Warehouse versions 7.30, 7.31, 7.40, 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaverASABAP versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.89, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal (KMC) version 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP SuccessFactors attachment API for Mobile Application(Android \u0026iOS) versions ant\u00e9rieures \u00e0 8.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One version 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaverASABAP (SAPGUIfor HTML within the Fiori Launchpad) versions KERNEL 7.77, 7.81, 7.85, 7.89, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0, 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750-756, 787",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35294"
},
{
"name": "CVE-2021-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42063"
},
{
"name": "CVE-2022-35291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35291"
},
{
"name": "CVE-2022-39801",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39801"
},
{
"name": "CVE-2022-28214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28214"
},
{
"name": "CVE-2022-28215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28215"
},
{
"name": "CVE-2022-39014",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39014"
},
{
"name": "CVE-2022-35292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35292"
},
{
"name": "CVE-2022-35298",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35298"
},
{
"name": "CVE-2022-39799",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39799"
},
{
"name": "CVE-2022-35295",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35295"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-819",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 13 septembre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026todaysdate=2022-09-14"
}
]
}
CERTFR-2023-AVI-0454
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | Master Data Synchronization (MDS COMPARE TOOL) versions SAP_APPL 600, 602, 603, 604, 605, 606 et 616 | ||
| SAP | N/A | SAP CRM (WebClient UI) versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80 | ||
| SAP | N/A | SAP CRM ABAP (Grantor Management) version 430 | ||
| SAP | N/A | SAP NetWeaver (Change and Transport System) versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757 | ||
| SAP | N/A | SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106 | ||
| SAP | N/A | SAP NetWeaver (Design Time Repository) version 7.50 | ||
| SAP | N/A | SAP UI5 Variant Management versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420 et 430 | ||
| SAP | N/A | SAP Plant Connectivity version 15.5 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal version 7.50 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Master Data Synchronization (MDS COMPARE TOOL) versions SAP_APPL 600, 602, 603, 604, 605, 606 et 616",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CRM (WebClient UI) versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CRM ABAP (Grantor Management) version 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Change and Transport System) versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Design Time Repository) version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP UI5 Variant Management versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Plant Connectivity version 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal version 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42063"
},
{
"name": "CVE-2023-32115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32115"
},
{
"name": "CVE-2023-33991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33991"
},
{
"name": "CVE-2023-33986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33986"
},
{
"name": "CVE-2023-2827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2827"
},
{
"name": "CVE-2023-30743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30743"
},
{
"name": "CVE-2023-33984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33984"
},
{
"name": "CVE-2023-30742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30742"
},
{
"name": "CVE-2023-32114",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32114"
},
{
"name": "CVE-2023-31406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31406"
},
{
"name": "CVE-2022-22542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22542"
},
{
"name": "CVE-2023-33985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33985"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0454",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 13 juin 2023",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1"
}
]
}
CERTFR-2021-AVI-948
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP UI 700 version 2.0 | ||
| SAP | N/A | SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750 | ||
| SAP | N/A | SAP UI versions 7.5, 7.51, 7.52, 7.53 et 7.54 | ||
| SAP | N/A | SAP Business Client version 6.5 | ||
| SAP | N/A | SAP S/4HANA versions 1511, 1610, 1709, 1809, 1909, 2020 et 2021 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer version 9 | ||
| SAP | N/A | SAP Commerce version 2001 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105 et 2011 | ||
| SAP | N/A | SAP Landscape Transformation version 2.0 | ||
| SAP | N/A | SAF-T Framework versions SAP_FIN 617, 618, 720, 730, SAP_APPL 600, 602, 603, 604, 605, 606, S4CORE 102, 103, 104 et 105 | ||
| SAP | N/A | SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83 | ||
| SAP | N/A | SAP LTRS for S/4HANA version 1.0 | ||
| SAP | N/A | SAP Test Data Migration Server version 4.0 | ||
| SAP | Replication Server | SAP LT Replication Server versions 2.0 et 3.0 | ||
| SAP | N/A | SAP Business One version 10 | ||
| SAP | N/A | SAP ABAP Server & ABAP Platform (Translation Tools) versions 701, 740,750,751,752,753,754,755,756 et 804 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform version 420 | ||
| SAP | N/A | SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP UI 700 version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP UI versions 7.5, 7.51, 7.52, 7.53 et 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client version 6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA versions 1511, 1610, 1709, 1809, 1909, 2020 et 2021",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce version 2001",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105 et 2011",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Landscape Transformation version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAF-T Framework versions SAP_FIN 617, 618, 720, 730, SAP_APPL 600, 602, 603, 604, 605, 606, S4CORE 102, 103, 104 et 105",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP LTRS for S/4HANA version 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Test Data Migration Server version 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP LT Replication Server versions 2.0 et 3.0",
"product": {
"name": "Replication Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP ABAP Server \u0026 ABAP Platform (Translation Tools) versions 701, 740,750,751,752,753,754,755,756 et 804",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform version 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"name": "CVE-2021-44233",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44233"
},
{
"name": "CVE-2021-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42063"
},
{
"name": "CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"name": "CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"name": "CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"name": "CVE-2021-38176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38176"
},
{
"name": "CVE-2021-44231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44231"
},
{
"name": "CVE-2019-0388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0388"
},
{
"name": "CVE-2021-44235",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44235"
},
{
"name": "CVE-2021-42061",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42061"
},
{
"name": "CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"name": "CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"name": "CVE-2021-33683",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33683"
},
{
"name": "CVE-2021-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42069"
},
{
"name": "CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"name": "CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"name": "CVE-2021-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42070"
},
{
"name": "CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"name": "CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"name": "CVE-2021-42064",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42064"
},
{
"name": "CVE-2021-44232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44232"
},
{
"name": "CVE-2021-42068",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42068"
},
{
"name": "CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"name": "CVE-2021-42066",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42066"
},
{
"name": "CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-948",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 14 d\u00e9cembre 2021",
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
}
]
}
CERTFR-2022-AVI-819
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420, 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (CMC) versions 430 | ||
| SAP | N/A | SAP Access Control version 12 | ||
| SAP | N/A | SAP Knowledge Warehouse versions 7.30, 7.31, 7.40, 7.50 | ||
| SAP | N/A | SAP NetWeaverASABAP versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.89, 7.54 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal (KMC) version 7.50 | ||
| SAP | N/A | SAP SuccessFactors attachment API for Mobile Application(Android &iOS) versions antérieures à 8.0.5 | ||
| SAP | N/A | SAP Business One version 10.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420, 430 | ||
| SAP | N/A | SAP NetWeaverASABAP (SAPGUIfor HTML within the Fiori Launchpad) versions KERNEL 7.77, 7.81, 7.85, 7.89, 7.54 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0, 7.70 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750-756, 787 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (CMC) versions 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Access Control version 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Knowledge Warehouse versions 7.30, 7.31, 7.40, 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaverASABAP versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.89, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal (KMC) version 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP SuccessFactors attachment API for Mobile Application(Android \u0026iOS) versions ant\u00e9rieures \u00e0 8.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One version 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaverASABAP (SAPGUIfor HTML within the Fiori Launchpad) versions KERNEL 7.77, 7.81, 7.85, 7.89, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0, 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750-756, 787",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35294"
},
{
"name": "CVE-2021-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42063"
},
{
"name": "CVE-2022-35291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35291"
},
{
"name": "CVE-2022-39801",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39801"
},
{
"name": "CVE-2022-28214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28214"
},
{
"name": "CVE-2022-28215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28215"
},
{
"name": "CVE-2022-39014",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39014"
},
{
"name": "CVE-2022-35292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35292"
},
{
"name": "CVE-2022-35298",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35298"
},
{
"name": "CVE-2022-39799",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39799"
},
{
"name": "CVE-2022-35295",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35295"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-819",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 13 septembre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026todaysdate=2022-09-14"
}
]
}
CERTFR-2023-AVI-0454
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | Master Data Synchronization (MDS COMPARE TOOL) versions SAP_APPL 600, 602, 603, 604, 605, 606 et 616 | ||
| SAP | N/A | SAP CRM (WebClient UI) versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80 | ||
| SAP | N/A | SAP CRM ABAP (Grantor Management) version 430 | ||
| SAP | N/A | SAP NetWeaver (Change and Transport System) versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757 | ||
| SAP | N/A | SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106 | ||
| SAP | N/A | SAP NetWeaver (Design Time Repository) version 7.50 | ||
| SAP | N/A | SAP UI5 Variant Management versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420 et 430 | ||
| SAP | N/A | SAP Plant Connectivity version 15.5 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal version 7.50 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Master Data Synchronization (MDS COMPARE TOOL) versions SAP_APPL 600, 602, 603, 604, 605, 606 et 616",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CRM (WebClient UI) versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CRM ABAP (Grantor Management) version 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Change and Transport System) versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Design Time Repository) version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP UI5 Variant Management versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Plant Connectivity version 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal version 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42063"
},
{
"name": "CVE-2023-32115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32115"
},
{
"name": "CVE-2023-33991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33991"
},
{
"name": "CVE-2023-33986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33986"
},
{
"name": "CVE-2023-2827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2827"
},
{
"name": "CVE-2023-30743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30743"
},
{
"name": "CVE-2023-33984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33984"
},
{
"name": "CVE-2023-30742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30742"
},
{
"name": "CVE-2023-32114",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32114"
},
{
"name": "CVE-2023-31406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31406"
},
{
"name": "CVE-2022-22542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22542"
},
{
"name": "CVE-2023-33985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33985"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0454",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 13 juin 2023",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1"
}
]
}
FKIE_CVE-2021-42063
Vulnerability from fkie_nvd - Published: 2021-12-14 16:15 - Updated: 2024-11-21 06:27
Severity ?
Summary
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
References
| URL | Tags | ||
|---|---|---|---|
| cna@sap.com | http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html | Third Party Advisory | |
| cna@sap.com | http://seclists.org/fulldisclosure/2022/Mar/32 | Mailing List, Third Party Advisory | |
| cna@sap.com | https://launchpad.support.sap.com/#/notes/3102769 | Permissions Required | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/Mar/32 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/3102769 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | knowledge_warehouse | 7.30 | |
| sap | knowledge_warehouse | 7.31 | |
| sap | knowledge_warehouse | 7.40 | |
| sap | knowledge_warehouse | 7.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:knowledge_warehouse:7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2F8A78-727A-428F-A91A-D299C736AF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:knowledge_warehouse:7.31:*:*:*:*:*:*:*",
"matchCriteriaId": "69CA04E5-F14D-418B-9A41-D8F6CDCC6AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:knowledge_warehouse:7.40:*:*:*:*:*:*:*",
"matchCriteriaId": "0B617547-83A3-4C1C-840A-EA31A9994258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:knowledge_warehouse:7.50:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB8640F-526F-48AF-ACB7-EAFA4E05BD82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de seguridad en SAP Knowledge Warehouse - versiones 7.30, 7.31, 7.40, 7.50. El uso de un componente de SAP KW dentro de un navegador web permite a atacantes no autorizados llevar a cabo ataques de tipo XSS, lo que podr\u00eda conllevar a revelar datos confidenciales"
}
],
"id": "CVE-2021-42063",
"lastModified": "2024-11-21T06:27:10.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-14T16:15:09.260",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html"
},
{
"source": "cna@sap.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/32"
},
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3102769"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3102769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-RW6F-WGVQ-RRVG
Vulnerability from github – Published: 2021-12-15 00:00 – Updated: 2022-03-22 00:01
VLAI?
Details
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
Severity ?
6.1 (Medium)
{
"affected": [],
"aliases": [
"CVE-2021-42063"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T16:15:00Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.",
"id": "GHSA-rw6f-wgvq-rrvg",
"modified": "2022-03-22T00:01:15Z",
"published": "2021-12-15T00:00:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42063"
},
{
"type": "WEB",
"url": "https://launchpad.support.sap.com/#/notes/3102769"
},
{
"type": "WEB",
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Mar/32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2021-42063
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-42063",
"description": "A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.",
"id": "GSD-2021-42063",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2021-42063"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-42063"
],
"details": "A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.",
"id": "GSD-2021-42063",
"modified": "2023-12-13T01:23:06.225602Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-42063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Knowledge Warehouse",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "7.30"
},
{
"version_name": "\u003c",
"version_value": "7.31"
},
{
"version_name": "\u003c",
"version_value": "7.40"
},
{
"version_name": "\u003c",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3102769",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3102769"
},
{
"name": "20220320 [CVE-2021-42063] SAP Knowledge Warehouse \u003c= 7.50 \"SAPIrExtHelp\" Reflected XSS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/Mar/32"
},
{
"name": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:knowledge_warehouse:7.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:knowledge_warehouse:7.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:knowledge_warehouse:7.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:knowledge_warehouse:7.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2021-42063"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3102769",
"refsource": "MISC",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/3102769"
},
{
"name": "20220320 [CVE-2021-42063] SAP Knowledge Warehouse \u003c= 7.50 \"SAPIrExtHelp\" Reflected XSS",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Mar/32"
},
{
"name": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/166369/SAP-Knowledge-Warehouse-7.50-7.40-7.31-7.30-Cross-Site-Scripting.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2022-04-30T03:00Z",
"publishedDate": "2021-12-14T16:15Z"
}
}
}
WID-SEC-W-2023-1437
Vulnerability from csaf_certbund - Published: 2023-06-12 22:00 - Updated: 2023-06-12 22:00Summary
SAP Patchday Juni 2023
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: SAP stellt unternehmensweite Lösungen für Geschäftsprozesse wie Buchführung, Vertrieb, Einkauf und Lagerhaltung zur Verfügung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuführen. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SAP Software
SAP
|
cpe:/a:sap:sap:-
|
— |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "SAP stellt unternehmensweite L\u00f6sungen f\u00fcr Gesch\u00e4ftsprozesse wie Buchf\u00fchrung, Vertrieb, Einkauf und Lagerhaltung zur Verf\u00fcgung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in SAP Software ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1437 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1437.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1437 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1437"
},
{
"category": "external",
"summary": "SAP Patchday June 2023 vom 2023-06-12",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
],
"source_lang": "en-US",
"title": "SAP Patchday Juni 2023",
"tracking": {
"current_release_date": "2023-06-12T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:52:21.873+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1437",
"initial_release_date": "2023-06-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "SAP Software",
"product": {
"name": "SAP Software",
"product_id": "T016476",
"product_identification_helper": {
"cpe": "cpe:/a:sap:sap:-"
}
}
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-33991",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-33991"
},
{
"cve": "CVE-2023-33986",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-33986"
},
{
"cve": "CVE-2023-33985",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-33985"
},
{
"cve": "CVE-2023-33984",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-33984"
},
{
"cve": "CVE-2023-32115",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-32115"
},
{
"cve": "CVE-2023-32114",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-32114"
},
{
"cve": "CVE-2023-31406",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-31406"
},
{
"cve": "CVE-2023-30743",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-30743"
},
{
"cve": "CVE-2023-30742",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-30742"
},
{
"cve": "CVE-2023-2827",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-2827"
},
{
"cve": "CVE-2022-22542",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-22542"
},
{
"cve": "CVE-2021-42063",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in SAP Software. Der Fehler besteht in den Komponenten UI5 Variant Management, Digital Manufacturing, NetWeaver, CRM ABAP und Master Data Synchronization. Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen, Daten zu manipulieren und einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"product_status": {
"known_affected": [
"T016476"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2021-42063"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…