SAP NetWeaver UMEADMIN versions 7.00 through 7.50 suffer from a flaw where an authenticated user, via web administration, can trigger directory creation anywhere where the SAP OS user has access.
577200dbf4a5c8490c6147ad8f89d5b575f031125524538d758210005cb31e60SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a directory traversal vulnerability.
62cc4d036331589bf67b67e77af5807e4474a073efb99c6620b5006901f5230bSAP EP-RUNTIME version 7.5 suffers from a denial of service vulnerability.
3f0975ddf76e930f8e4b83447cfd991b8747cc460b16cad70cfad5fd2608ce72SAP HANA version 102.02 suffers from a denial of service vulnerability.
5fccc7675d88d83dae2c3a0c0c65e2fb0a98ab8777842e235044812b9b499f18Anonymous attackers can use a special HTTP request to inject logs in the xsengine trace file without size restriction. The vulnerability is triggered when the username sent to the /sap/hana/xs/debugger/grantAccess.xscfunc page is longer than 256 characters.
c8c5dd5a2c2a55cdafe1f8d473df9812f164b0f46f07d0a934fb5fc0b3a066f0SAP PCo versions 2.2, 2.3, 15.0, and 15.1 suffer from a denial of service vulnerability.
39b8bca8d12d613256ed16b6471e91e8cda9378908f629e973648bcbe9a349beSAP MII versions 12.2, 14.0, and 15.0 allow Base64 and DES as an encryption algorithm.
8d8406e9a99282c000153684f4edfedc8fa3af9e5227108e35ed09b9acca615eA buffer overflow vulnerability exists in SAP HANA interface. If an attacker has a network access to the SQL interface or the SAP HANA Extended Application Services interface of an SAP HANA system, the vulnerability enables the attacker to inject code into the working memory that is subsequently executed by the application. It can also be used to cause a general fault in the product causing the product to terminate.
4a3217c857218fca063182a533106637a286820d37a2c8dbd3fe6da700dfe2ad
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed