The SAP NetWeaver ABAP Enqueue service suffers from multiple memory corruption vulnerabilities.
311841e1ce77e5cac126339df98efcba8eda52f242b8a567340833179c8bd6c5
The SAP NetWeaver ABAP IGS service suffers from multiple memory corruption vulnerabilities.
2d1f0734303783a8b47a886f91b23670d4395d5d4ed4501f6e4af6001b97b2b7
The SAP NetWeaver ABAP Gateway service suffers from multiple memory corruption vulnerabilities.
da1fec63d0f864232e684c79171e0e2cc4a5296c2ce6bd0702518810eabac2ea
The SAP NetWeaver ABAP Dispatcher service suffers from memory corruption vulnerabilities. An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network, which will trigger an internal error in the system, causing the system to crash and rendering it unavailable.
17cc60af5d9b943931eeb5cd66b2a4f367a1a9b045b6aa0fe83114111e1f2e37
SAP NetWeaver AS JAVA CRM log injection remote command execution exploit.
3e099354c4a0cc48ef5abaf2930e91c0e1bb6616e3ff003040ac00c3e5138384
SAP NetWeaver AS JAVA version 7.4 suffers from an XML external entity (XXE) injection vulnerability.
efd99512a1f7388c7f876065269028bfcebd3facd45d7f9528eed91a41312084
SAP NetWeaver AS JAVA version 7.4 suffers from a denial of service vulnerability.
867f8128690b89340fd1f3685572beeded84a79290e1e6dc540dcd297158cc35
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a directory traversal vulnerability.
62cc4d036331589bf67b67e77af5807e4474a073efb99c6620b5006901f5230b
SAP NetWeaver AS ABAP version 7.4 suffers from a directory traversal vulnerability.
84ff922450ca8f53eaea6f84e5101ea1a2bb7652412f540755f0c5b78015f1e1
An attacker can trigger an XML Entity Expansion or XML External Entity Injection. This causes the entire machine to become unresponsive until the process is terminated manually. An attacker can use this flaw to perform a denial-of-service (DoS) attack. SAP NetWeaver AS JAVA version 7.4 is affected.
00d680c67dc60d3912397c85f8496bcdaca53ce2cb060a4c8ebe9fc69b59c8a2
The Java Startup Framework (jstart) in SAP Application server for Java allows remote attackers to cause a denial of service via a crafted request. SAP NetWeaver AS JAVA versions 7.2 through 7.4 are affected.
bb3db47d4fcab7f0f9eca2bde8886165421542cd01cf50081af2e14438a6d1d2
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a cross site scripting vulnerability.
3227c8ee7e5ffae4107c3102e05d6c483cc347aa6c21ed54de26dc0f839fee13
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerability in WD_CHAT.
c86a0c971a9ddf7d0a42320c53175f15d4860f92751a45e80a3910f467711ef4
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an XML external entity injection vulnerability.
44897fd3de22b74e679203c9cb11f3fb82fcf5325291f376823810d3b828f093
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a cross site scripting vulnerability.
20052cfd6741d7dfcf904514b3be697e271bc2041eeead1cb9b3ca48a8d8d899
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a directory traversal vulnerability.
790e576e203d8d6179e7abc17a655e8165edc85deda7e8a80645173db2db72a8
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a remote SQL injection vulnerability.
db00019357db1804ffea0c5ca76cb4f4042f6423e57de6a275761be682393508
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerability.
ff32f8dfc483575f12d9638b631629d9ab8b592d1ff7efb0bb98169a0fa75462
SAP NetWeaver AS JAVA version 7.4 suffers from a cross site scripting vulnerability.
6b5b4efd5d7e256e564699033608a728468786c991209741d89bfdce20049406
In SAP NetWeaver AS JAVA, it is possible to call some of the DAS files without authorization because they do not check if a user is authorized to access some of the JSPs.
17e930af4bcb201a5b3c49123d1dd0c39290d43e9d66e4289fe5cec29479a0e8
Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the setTraceLevelsForXsApps function. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly rendering the platform unavailable to other users, who won't be able to perform their assigned business operations.
7869861a8cf7d5ac351d96a4bde8a820fc9cf69a49a6804cb69e0ab966bc97ce
Onapsis Security Advisory - SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.
536c2f5bd066d0dd00d1598734d6f710d8be3e982bbd78bef9d75361bc5754eb
Onapsis Security Advisory - The SAP HANA _newUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
f3b215fc645ed5adb73a39c5c8db51b7f63d88844aaeb6ee126baf1e0fc6ffda
Onapsis Security Advisory - The SAP HANA _modifyUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
2bf8dc1f0018c72dd7928ea2e39a57b4c7a243e7a5cde3f12425bfe6876cac15
Onapsis Security Advisory - SAP HANA hdbsql suffers from multiple memory corruption vulnerabilities. By exploiting these vulnerabilities an attacker could abuse management interfaces to execute commands on the HANA system and ultimately compromise all the information stored and processed by the system.
368ce04e67548cdb573e6df82ff6477de56a2a3d247070855e42496c9c199e7f
Onapsis Security Advisory - SAP Business Objects suffers from a memory corruption vulnerability. By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.
38f5d4c8882c9a29b1c46ec18ce9b8b283de108c7ffe457c455f9e65e781276c