Vulnerabilities related to sap - sap_kernel
cve-2009-4603
Vulnerability from cvelistv5
Published
2010-01-12 17:00
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1023319 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/37684 | third-party-advisory, x_refsource_SECUNIA | |
http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf | x_refsource_MISC | |
https://service.sap.com/sap/support/notes/1302231 | x_refsource_MISC | |
http://www.securityfocus.com/bid/37286 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:08:37.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1023319", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1023319" }, { "name": "37684", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37684" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://service.sap.com/sap/support/notes/1302231" }, { "name": "37286", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37286" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-01-12T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1023319", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1023319" }, { "name": "37684", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37684" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://service.sap.com/sap/support/notes/1302231" }, { "name": "37286", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37286" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1023319", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023319" }, { "name": "37684", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37684" }, { "name": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf", "refsource": "MISC", "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "name": "https://service.sap.com/sap/support/notes/1302231", "refsource": "MISC", "url": "https://service.sap.com/sap/support/notes/1302231" }, { "name": "37286", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37286" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4603", "datePublished": "2010-01-12T17:00:00Z", "dateReserved": "2010-01-12T00:00:00Z", "dateUpdated": "2024-09-16T22:56:36.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-0271
Vulnerability from cvelistv5
Published
2019-03-12 22:00
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/107355 | vdb-entry, x_refsource_BID | |
https://launchpad.support.sap.com/#/notes/2870067 | x_refsource_CONFIRM | |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 | x_refsource_CONFIRM | |
https://launchpad.support.sap.com/#/notes/2736825 | x_refsource_CONFIRM | |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
SAP SE | ABAP Server | Version: < from 7.00 to 7.31 |
SAP SE | ABAP Server & Platform | Version: < from 7.40 to 7.52 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:44:16.313Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "107355", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107355" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2870067" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2736825" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ABAP Server", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c from 7.00 to 7.31" } ] }, { "product": "ABAP Server \u0026 Platform", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c from 7.40 to 7.52" } ] } ], "datePublic": "2019-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below." 
} ], "problemTypes": [ { "descriptions": [ { "description": "XML External Entity (XXE)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-19T19:38:45", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "name": "107355", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107355" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.support.sap.com/#/notes/2870067" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.support.sap.com/#/notes/2736825" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0271", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ABAP Server", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "from 7.00 to 7.31" } ] } }, { "product_name": "ABAP Server \u0026 Platform", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "from 7.40 to 7.52" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XML External Entity (XXE)" } ] } ] }, "references": { "reference_data": [ { "name": "107355", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107355" }, { "name": "https://launchpad.support.sap.com/#/notes/2870067", "refsource": "CONFIRM", "url": "https://launchpad.support.sap.com/#/notes/2870067" }, { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" }, { "name": "https://launchpad.support.sap.com/#/notes/2736825", "refsource": "CONFIRM", "url": "https://launchpad.support.sap.com/#/notes/2736825" }, { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0271", "datePublished": "2019-03-12T22:00:00", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:44:16.313Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-2433
Vulnerability from cvelistv5
Published
2018-07-10 18:00
Modified
2024-08-05 04:21
Severity ?
EPSS score ?
Summary
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
References
▼ | URL | Tags |
---|---|---|
https://launchpad.support.sap.com/#/notes/2597913 | x_refsource_MISC | |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
SAP | SAP Gateway | Version: SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Version: SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Version: SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Version: SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT<br>Version: SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:21:33.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2597913" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP Gateway", "vendor": "SAP", "versions": [ { "status": "affected", "version": "SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "status": "affected", "version": "SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "status": "affected", "version": "SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "status": "affected", "version": "SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "status": "affected", "version": "SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53" } ] } ], "datePublic": "2018-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-07-10T17:57:01", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/2597913" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000" } ], "source": { "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2018-2433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP Gateway", "version": { "version_data": [ { "version_name": "SAP KERNEL 32 NUC", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "version_name": "SAP KERNEL 32 Unicode", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "version_name": "SAP KERNEL 64 NUC", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "version_name": "SAP KERNEL 64 Unicode", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "version_name": "SAP KERNEL ", "version_value": "7.21, 7.22, 7.45, 7.49 and 7.53" } ] } } ] }, "vendor_name": "SAP" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/2597913", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2597913" }, { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2018-2433", "datePublished": "2018-07-10T18:00:00", "dateReserved": "2017-12-15T00:00:00", "dateUpdated": "2024-08-05T04:21:33.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-0365
Vulnerability from cvelistv5
Published
2019-09-10 16:15
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL64UC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73; KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76; SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6; and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
References
▼ | URL | Tags |
---|---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 | x_refsource_CONFIRM | |
https://launchpad.support.sap.com/#/notes/2786151 | x_refsource_MISC |
Impacted products
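Vendor | Product | Version |
---|---|---|
SAP SE | SAP Kernel (KRNL32NUC) | Version: < 7.21<br>Version: < 7.21EXT<br>Version: < 7.22<br>Version: < 7.22EXT |
SAP SE | SAP Kernel (KRNL32UC) | Version: < 7.21<br>Version: < 7.21EXT<br>Version: < 7.22<br>Version: < 7.22EXT |
SAP SE | SAP Kernel (KRNL64NUC) | Version: < 7.21<br>Version: < 7.21EXT<br>Version: < 7.22<br>Version: < 7.22EXT<br>Version: < 7.49 |
SAP SE | SAP Kernel (KRNL64UC) | Version: < 7.21<br>Version: < 7.21EXT<br>Version: < 7.22<br>Version: < 7.22EXT<br>Version: < 7.49<br>Version: < 7.73 |
SAP SE | SAP Kernel (KERNEL) | Version: < 7.21<br>Version: < 7.49<br>Version: < 7.53<br>Version: < 7.73<br>Version: < 7.76 |
SAP SE | SAP GUI for Windows (BC-FES-GUI) | Version: < 7.5<br>Version: < 7.6 |
SAP SE | SAP GUI for Java (BC-FES-JAV) | Version: < 7.5 |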
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:44:16.488Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2786151" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP Kernel (KRNL32NUC)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.21" }, { "status": "affected", "version": "\u003c 7.21EXT" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" } ] }, { "product": "SAP Kernel (KRNL32UC)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.21" }, { "status": "affected", "version": "\u003c 7.21EXT" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" } ] }, { "product": "SAP Kernel (KRNL64NUC)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.21" }, { "status": "affected", "version": "\u003c 7.21EXT" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c 7.49" } ] }, { "product": "SAP Kernel (KRNL64UC)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.21" }, { "status": "affected", "version": "\u003c 7.21EXT" }, { "status": "affected", "version": "\u003c 7.22" }, { "status": "affected", "version": "\u003c 7.22EXT" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": "affected", "version": "\u003c 7.73" } ] }, { "product": "SAP Kernel (KERNEL)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.21" }, { "status": "affected", "version": "\u003c 7.49" }, { "status": 
"affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.73" }, { "status": "affected", "version": "\u003c 7.76" } ] }, { "product": "SAP GUI for Windows (BC-FES-GUI)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.5" }, { "status": "affected", "version": "\u003c 7.6" } ] }, { "product": "SAP GUI for Java (BC-FES-JAV)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.5" } ] } ], "descriptions": [ { "lang": "en", "value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-09-10T16:15:26", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/2786151" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2019-0365", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP Kernel (KRNL32NUC)", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "7.21" }, { "version_name": "\u003c", "version_value": "7.21EXT" }, { "version_name": "\u003c", "version_value": "7.22" }, { "version_name": "\u003c", "version_value": "7.22EXT" } ] } }, { "product_name": "SAP Kernel (KRNL32UC)", "version": 
{ "version_data": [ { "version_name": "\u003c", "version_value": "7.21" }, { "version_name": "\u003c", "version_value": "7.21EXT" }, { "version_name": "\u003c", "version_value": "7.22" }, { "version_name": "\u003c", "version_value": "7.22EXT" } ] } }, { "product_name": "SAP Kernel (KRNL64NUC)", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "7.21" }, { "version_name": "\u003c", "version_value": "7.21EXT" }, { "version_name": "\u003c", "version_value": "7.22" }, { "version_name": "\u003c", "version_value": "7.22EXT" }, { "version_name": "\u003c", "version_value": "7.49" } ] } }, { "product_name": "SAP Kernel (KRNL64UC)", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "7.21" }, { "version_name": "\u003c", "version_value": "7.21EXT" }, { "version_name": "\u003c", "version_value": "7.22" }, { "version_name": "\u003c", "version_value": "7.22EXT" }, { "version_name": "\u003c", "version_value": "7.49" }, { "version_name": "\u003c", "version_value": "7.73" } ] } }, { "product_name": "SAP Kernel (KERNEL)", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "7.21" }, { "version_name": "\u003c", "version_value": "7.49" }, { "version_name": "\u003c", "version_value": "7.53" }, { "version_name": "\u003c", "version_value": "7.73" }, { "version_name": "\u003c", "version_value": "7.76" } ] } }, { "product_name": "SAP GUI for Windows (BC-FES-GUI)", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "7.5" }, { "version_name": "\u003c", "version_value": "7.6" } ] } }, { "product_name": "SAP GUI for Java (BC-FES-JAV)", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "7.5" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 
KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506" }, { "name": "https://launchpad.support.sap.com/#/notes/2786151", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2786151" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2019-0365", "datePublished": "2019-09-10T16:15:26", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:44:16.488Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16689
Vulnerability from cvelistv5
Published
2017-12-12 14:00
Modified
2024-09-17 03:03
Severity ?
EPSS score ?
Summary
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/102144 | vdb-entry, x_refsource_BID | |
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | x_refsource_CONFIRM | |
https://launchpad.support.sap.com/#/notes/2449757 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
SAP | Trusted RFC connection | Version: SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:19.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102144", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2449757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Trusted RFC connection", "vendor": "SAP", "versions": [ { "status": "affected", "version": "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49" } ] } ], "datePublic": "2017-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Additional authentication check in Trusted RFC on same system", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-13T10:57:01", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "name": "102144", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.support.sap.com/#/notes/2449757" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "DATE_PUBLIC": "2017-12-12T00:00:00", "ID": "CVE-2017-16689", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Trusted RFC connection", "version": { "version_data": [ { "version_value": "SAP KERNEL 32NUC; SAP KERNEL 32Unicode; SAP KERNEL64NUC; SAP KERNEL64 Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49" } ] } } ] }, "vendor_name": "SAP" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Additional authentication check in Trusted RFC on same system" } ] } ] }, "references": { "reference_data": [ { "name": "102144", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102144" }, { "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", "refsource": "CONFIRM", "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "name": "https://launchpad.support.sap.com/#/notes/2449757", "refsource": "CONFIRM", "url": "https://launchpad.support.sap.com/#/notes/2449757" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2017-16689", "datePublished": "2017-12-12T14:00:00Z", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-09-17T03:03:01.674Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9594
Vulnerability from cvelistv5
Published
2015-01-15 15:00
Modified
2024-08-06 13:47
Severity ?
EPSS score ?
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/62150 | third-party-advisory, x_refsource_SECUNIA | |
https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/ | x_refsource_MISC | |
https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "62150", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62150" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-10T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "62150", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62150" }, { "tags": [ "x_refsource_MISC" ], "url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "62150", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62150" }, { "name": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/", "refsource": "MISC", "url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/" }, { "name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/", "refsource": "MISC", "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9594", "datePublished": "2015-01-15T15:00:00", "dateReserved": "2015-01-15T00:00:00", "dateUpdated": "2024-08-06T13:47:41.780Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16679
Vulnerability from cvelistv5
Published
2017-12-12 14:00
Modified
2024-09-16 17:03
Summary
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
References
▼ | URL | Tags |
---|---|---|
https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102157 | vdb-entry, x_refsource_BID | |
https://launchpad.support.sap.com/#/notes/2520995 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP | SAP Startup Service | Version: SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52. |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:35:19.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "name": "102157", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102157" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2520995" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP Startup Service", "vendor": "SAP", "versions": [ { "status": "affected", "version": "SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52." } ] } ], "datePublic": "2017-12-12T00:00:00", "descriptions": [ { "lang": "en", "value": "URL redirection vulnerability in SAP\u0027s Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "URL Redirection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-12-13T10:57:01", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "name": "102157", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102157" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.support.sap.com/#/notes/2520995" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "DATE_PUBLIC": "2017-12-12T00:00:00", "ID": "CVE-2017-16679", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP Startup Service", "version": { "version_data": [ { "version_value": "SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52." } ] } } ] }, "vendor_name": "SAP" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "URL redirection vulnerability in SAP\u0027s Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "URL Redirection" } ] } ] }, "references": { "reference_data": [ { "name": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/", "refsource": "CONFIRM", "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "name": "102157", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102157" }, { "name": "https://launchpad.support.sap.com/#/notes/2520995", "refsource": "CONFIRM", "url": "https://launchpad.support.sap.com/#/notes/2520995" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2017-16679", "datePublished": "2017-12-12T14:00:00Z", "dateReserved": "2017-11-09T00:00:00", "dateUpdated": "2024-09-16T17:03:13.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-2441
Vulnerability from cvelistv5
Published
2018-08-14 16:00
Modified
2024-08-05 04:21
Summary
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/105090 | vdb-entry, x_refsource_BID | |
https://launchpad.support.sap.com/#/notes/2671160 | x_refsource_MISC | |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP | SAP Change and Transport System (ABAP) | Version: SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT; Version: SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; Version: SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT; Version: SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; Version: SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:21:33.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105090", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105090" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2671160" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP Change and Transport System (ABAP)", "vendor": "SAP", "versions": [ { "status": "affected", "version": "SAP KERNEL 32 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "status": "affected", "version": "SAP KERNEL 32 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "status": "affected", "version": "SAP KERNEL 64 NUC 7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "status": "affected", "version": "SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "status": "affected", "version": "SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73" } ] } ], "datePublic": "2018-08-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-16T09:57:01", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "name": "105090", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105090" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/2671160" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" } ], "source": { "discovery": "UNKNOWN" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2018-2441", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP Change and Transport System (ABAP)", "version": { "version_data": [ { "version_name": "SAP KERNEL 32 NUC", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "version_name": "SAP KERNEL 32 Unicode", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "version_name": "SAP KERNEL 64 NUC", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "version_name": "SAP KERNEL 64 Unicode", "version_value": "7.21, 7.21EXT, 7.22 and 7.22EXT" }, { "version_name": "SAP KERNEL ", "version_value": "7.21, 7.22, 7.45, 7.49, 7.53 and 7.73" } ] } } ] }, "vendor_name": "SAP" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "105090", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105090" }, { "name": "https://launchpad.support.sap.com/#/notes/2671160", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2671160" }, { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2018-2441", "datePublished": "2018-08-14T16:00:00", "dateReserved": "2017-12-15T00:00:00", "dateUpdated": "2024-08-05T04:21:33.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9595
Vulnerability from cvelistv5
Published
2015-01-15 15:00
Modified
2024-08-06 13:47
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
References
▼ | URL | Tags |
---|---|---|
https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/ | x_refsource_MISC | |
http://secunia.com/advisories/62150 | third-party-advisory, x_refsource_SECUNIA | |
https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:47:41.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/" }, { "name": "62150", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62150" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-10T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/" }, { "name": "62150", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62150" }, { "tags": [ "x_refsource_MISC" ], "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9595", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/", "refsource": "MISC", "url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/" }, { "name": "62150", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62150" }, { "name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/", "refsource": "MISC", "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9595", "datePublished": "2015-01-15T15:00:00", "dateReserved": "2015-01-15T00:00:00", "dateUpdated": "2024-08-06T13:47:41.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-2360
Vulnerability from cvelistv5
Published
2018-01-09 15:00
Modified
2024-08-05 04:14
Summary
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
References
▼ | URL | Tags |
---|---|---|
https://launchpad.support.sap.com/#/notes/2523961 | x_refsource_CONFIRM | |
https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/102448 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
SAP SE | SAP Startup Service | Version: 7.45; Version: 7.49; Version: 7.52 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T04:14:39.585Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2523961" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/" }, { "name": "102448", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102448" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SAP Startup Service", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "7.45" }, { "status": "affected", "version": "7.49" }, { "status": "affected", "version": "7.52" } ] } ], "datePublic": "2018-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Missing Authentication", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-11T10:57:01", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.support.sap.com/#/notes/2523961" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/" }, { "name": "102448", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102448" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2018-2360", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SAP Startup Service", "version": { "version_data": [ { "version_affected": "=", "version_value": "7.45" }, { "version_affected": "=", "version_value": "7.49" }, { "version_affected": "=", "version_value": "7.52" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Missing Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://launchpad.support.sap.com/#/notes/2523961", "refsource": "CONFIRM", "url": "https://launchpad.support.sap.com/#/notes/2523961" }, { "name": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/", "refsource": "CONFIRM", "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/" }, { "name": "102448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102448" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2018-2360", "datePublished": "2018-01-09T15:00:00", "dateReserved": "2017-12-15T00:00:00", "dateUpdated": "2024-08-05T04:14:39.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5997
Vulnerability from cvelistv5
Published
2017-02-15 19:00
Modified
2024-08-05 15:18
Summary
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.
References
▼ | URL | Tags |
---|---|---|
https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:18:49.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-02-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-10T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5997", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/", "refsource": "MISC", "url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5997", "datePublished": "2017-02-15T19:00:00", "dateReserved": "2017-02-15T00:00:00", "dateUpdated": "2024-08-05T15:18:49.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-16679
Vulnerability from fkie_nvd
Published
2017-12-12 14:29
Modified
2024-11-21 03:16
Severity: 6.1 MEDIUM (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, source nvd@nist.gov)
Summary
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | http://www.securityfocus.com/bid/102157 | Third Party Advisory, VDB Entry | |
cna@sap.com | https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | Issue Tracking, Vendor Advisory | |
cna@sap.com | https://launchpad.support.sap.com/#/notes/2520995 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102157 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2520995 | Permissions Required, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 7.21 | |
sap | sap_kernel | 7.21ext | |
sap | sap_kernel | 7.22 | |
sap | sap_kernel | 7.22ext | |
sap | sap_kernel | 7.45 | |
sap | sap_kernel | 7.49 | |
sap | sap_kernel | 7.52 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sap:sap_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "157D157A-6B01-478F-A7B9-D0FAD0636DEF", "vulnerable": true }, { "criteria": "cpe:2.3:o:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "63A2F363-A557-429E-97B2-0DFBC93F2C22", "vulnerable": true }, { "criteria": "cpe:2.3:o:sap:sap_kernel:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB51CE2C-7E65-4214-B14B-19593BE9F26E", "vulnerable": true }, { "criteria": "cpe:2.3:o:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "F41CD116-6BDD-432D-A194-316AB42A6ACF", "vulnerable": true }, { "criteria": "cpe:2.3:o:sap:sap_kernel:7.45:*:*:*:*:*:*:*", "matchCriteriaId": "F42A1C8B-C830-4DA0-BEE6-04E3FF744FC0", "vulnerable": true }, { "criteria": "cpe:2.3:o:sap:sap_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "AF72873D-9926-40CA-B33E-8AF0FAAFF45C", "vulnerable": true }, { "criteria": "cpe:2.3:o:sap:sap_kernel:7.52:*:*:*:*:*:*:*", "matchCriteriaId": "42D5F7BF-A95A-49AE-A962-DBF53181E2E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "URL redirection vulnerability in SAP\u0027s Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site." }, { "lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n de URL en SAP Startup Service; SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.52, que permite que un atacante redirija usuarios a un sitio malicioso." 
} ], "id": "CVE-2017-16679", "lastModified": "2024-11-21T03:16:48.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-12T14:29:00.233", "references": [ { "source": "cna@sap.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102157" }, { "source": "cna@sap.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2520995" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2520995" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2018-2441
Vulnerability from fkie_nvd
Published
2018-08-14 16:29
Modified
2024-11-21 04:03
Severity: 5.5 MEDIUM (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N, source nvd@nist.gov)
Summary
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | http://www.securityfocus.com/bid/105090 | Third Party Advisory, VDB Entry | |
cna@sap.com | https://launchpad.support.sap.com/#/notes/2671160 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105090 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2671160 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 7.21 | |
sap | sap_kernel | 7.21ext | |
sap | sap_kernel | 7.22 | |
sap | sap_kernel | 7.22ext | |
sap | sap_kernel | 7.45 | |
sap | sap_kernel | 7.49 | |
sap | sap_kernel | 7.53 | |
sap | sap_kernel | 7.73 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "168D38D8-CE37-4FF4-B089-DCBB0D5A3387", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "56247321-E033-4097-A176-BE71DEBD5920", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*", "matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "5F7EA62C-67A6-4971-AC33-D5A3D390CE52", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.73:*:*:*:*:*:*:*", "matchCriteriaId": "C2DC3DD5-36D6-462E-BD41-E1EDB5843A8A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted." }, { "lang": "es", "value": "En ciertas condiciones, SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 y 7.73, permiten que un atacante transporte informaci\u00f3n que, de otra forma, estar\u00eda restringida." 
} ], "id": "CVE-2018-2441", "lastModified": "2024-11-21T04:03:49.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-14T16:29:00.553", "references": [ { "source": "cna@sap.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105090" }, { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2671160" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105090" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2671160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-15 15:59
Modified
2024-11-21 02:21
Severity ?
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 7.00 | |
sap | sap_kernel | 7.40 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:7.00:*:*:*:*:*:x86:*", "matchCriteriaId": "F424D2BC-63D1-49D9-9DF7-DE2F34DEED24", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.40:*:*:*:*:*:x64:*", "matchCriteriaId": "AD16EF24-86FF-43A3-87EF-E5977CDA140E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271." }, { "lang": "es", "value": "Desbordamiento de buffer en SAP NetWeaver Dispatcher en SAP Kernel 7.00 de 32 bits y 7.40 de 64 bits permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, relacionado con Spool System, tambi\u00e9n conocido como SAP Nota 2061271." 
} ], "id": "CVE-2014-9595", "lastModified": "2024-11-21T02:21:12.327", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-01-15T15:59:25.763", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/62150" }, { "source": "cve@mitre.org", "url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/" }, { "source": "cve@mitre.org", "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://erpscan.io/advisories/erpscan-14-024-sap-kernel-rce-dos/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-01-15 15:59
Modified
2024-11-21 02:21
Severity ?
Summary
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 7.00 | |
sap | sap_kernel | 7.40 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:7.00:*:*:*:*:*:x86:*", "matchCriteriaId": "F424D2BC-63D1-49D9-9DF7-DE2F34DEED24", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.40:*:*:*:*:*:x64:*", "matchCriteriaId": "AD16EF24-86FF-43A3-87EF-E5977CDA140E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734." }, { "lang": "es", "value": "Desbordamiento de buffer en SAP NetWeaver Dispatcher en SAP Kernel 7.00 de 32 bits y 7.40 de 64 bits permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, relacionado con el VM ABAP, tambi\u00e9n conocido como SAP Nota 2059734." 
} ], "id": "CVE-2014-9594", "lastModified": "2024-11-21T02:21:12.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-01-15T15:59:24.687", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/62150" }, { "source": "cve@mitre.org", "url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/" }, { "source": "cve@mitre.org", "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62150" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://erpscan.io/advisories/erpscan-14-025-sap-kernel-rce-dos/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-december-2014/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-09-10 17:15
Modified
2024-11-21 04:16
Severity ?
Summary
SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL64UC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73; KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76; SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6; and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/2786151 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2786151 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 7.21 | |
sap | sap_kernel | 7.49 | |
sap | sap_kernel | 7.53 | |
sap | sap_kernel | 7.73 | |
sap | sap_kernel | 7.76 | |
sap | sap_kernel_krnl32nuc | 7.21 | |
sap | sap_kernel_krnl32nuc | 7.21ext | |
sap | sap_kernel_krnl32nuc | 7.22 | |
sap | sap_kernel_krnl32nuc | 7.22ext | |
sap | sap_kernel_krnl32uc | 7.21 | |
sap | sap_kernel_krnl32uc | 7.21ext | |
sap | sap_kernel_krnl32uc | 7.22 | |
sap | sap_kernel_krnl32uc | 7.22ext | |
sap | sap_kernel_krnl64nuc | 7.21 | |
sap | sap_kernel_krnl64nuc | 7.21ext | |
sap | sap_kernel_krnl64nuc | 7.22 | |
sap | sap_kernel_krnl64nuc | 7.22ext | |
sap | sap_kernel_krnl64uc | 7.21 | |
sap | sap_kernel_krnl64uc | 7.21ext | |
sap | sap_kernel_krnl64uc | 7.22 | |
sap | sap_kernel_krnl64uc | 7.22ext | |
sap | sap_kernel_krnl64uc | 7.49 | |
sap | sap_kernel_krnl64uc | 7.73 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "5F7EA62C-67A6-4971-AC33-D5A3D390CE52", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.73:*:*:*:*:*:*:*", "matchCriteriaId": "C2DC3DD5-36D6-462E-BD41-E1EDB5843A8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.76:*:*:*:*:*:*:*", "matchCriteriaId": "CDE0BD24-5846-4C18-BC80-3C20C10DBCB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "B7D3942B-2628-4DBE-A45E-BB0B7720611F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "453954CC-8BC4-44FA-B398-EEFB9E753219", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "07F567A3-D352-45CC-9FD9-A527C00AC829", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl32nuc:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "7E606FEC-E678-470A-8CFF-EA23A7B18E37", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl32uc:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "A9F36AED-EBEC-4829-BE19-4C21A42A8333", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl32uc:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "A4BA2FE6-9AAC-421F-80F1-C1A10F7412AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl32uc:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "ECE57B68-EB51-4FA3-9E1B-6F2F5ABEBA90", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl32uc:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "9B30BF5A-F8C3-42FE-A6F3-26AE4AFCE1C5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "55056F3E-ADB1-4C8A-B26B-635647BC62FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "C799F460-05EF-4639-80FF-FD46A44FE225", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "BED67005-0801-4F04-9657-EBEC88ABB5A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl64nuc:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "397FD4D5-A263-4366-A39F-20BECC22AB35", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "8B8F057A-C567-488B-9C04-0E40B0C97954", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "68A9472A-A1E8-487C-B0C2-0F61D48C3766", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "DE184F25-627E-4C8A-98D2-2EB0E9D2D96F", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "A0BE71FB-A9E3-4CEC-A3B4-98B11DCD6B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "8952A720-B281-4265-B659-4DEE5F0BD257", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel_krnl64uc:7.73:*:*:*:*:*:*:*", "matchCriteriaId": "709E6F88-14EA-4669-AEA5-C9C699428733", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL before versions 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) before versions 7.5, 7.6, and SAP GUI for Java (BC-FES-JAV) before version 7.5, allow an attacker to prevent legitimate users 
from accessing a service, either by crashing or flooding the service." }, { "lang": "es", "value": "SAP Kernel (RFC), KRNL32NUC, KRNL32UC y KRNL64NUC versiones anteriores a 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, versiones anteriores a 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 y KERNEL versiones anteriores a 7.21, 7.49, 7.53, 7.73, 7.76 SAP GUI for Windows (BC-FES-GUI) versiones anteriores a 7.5, 7.6 y SAP GUI para Java (BC-FES-JAV) anteriores a versi\u00f3n 7.5, permiten a un atacante impedir que usuarios leg\u00edtimos accedan a un servicio, ya sea mediante el bloqueo o la inundaci\u00f3n del servicio." } ], "id": "CVE-2019-0365", "lastModified": "2024-11-21T04:16:44.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-09-10T17:15:11.330", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2786151" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], 
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2786151" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-15 19:59
Modified
2024-11-21 03:28
Severity ?
Summary
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 7.21 | |
sap | sap_kernel | 7.22 | |
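sap | sap_kernel | 7.42 |

Note: the summary gives the affected range as SAP KERNEL 7.21-7.49, but only 7.21, 7.22 and 7.42 are enumerated here and in the CPE configuration below. Version matching against this list alone will not flag other releases inside that range; check the installed kernel against SAP Security Note 2358972.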
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.42:*:*:*:*:*:*:*", "matchCriteriaId": "C5C08BB4-AF7D-4609-A892-3FE34AF27F44", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972." }, { "lang": "es", "value": "El demonio de SAP Message Server HTTP en SAP KERNEL 7.21-7.49 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda de proceso) a trav\u00e9s de m\u00faltiples solicitudes msgserver/group?group= con un tama\u00f1o manipulado del par\u00e1metro de grupo, vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2358972." 
} ], "id": "CVE-2017-5997", "lastModified": "2024-11-21T03:28:51.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-15T19:59:01.330", "references": [ { "source": "cve@mitre.org", "url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-772" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-12 17:30
Modified
2024-11-21 01:10
Severity ?
Summary
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 6.40 | |
sap | sap_kernel | 7.00 | |
sap | sap_kernel | 7.01 | |
sap | sap_kernel | 7.10 | |
sap | sap_kernel | 7.11 | |
sap | sap_kernel | 7.20 | |
sap | sap_netweaver | 7.0 | |
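sap | sap_web_application_server | 6.0 |

Note: in the configuration below, sap_netweaver 7.0 and sap_web_application_server 6.0 are recorded with "vulnerable": false and joined to the kernel entries by an AND operator. They appear to describe the platform the affected kernel runs on, not additional vulnerable products.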
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:6.40:*:*:*:*:*:*:*", "matchCriteriaId": "548D937D-FF7F-4B5B-98A2-50F5FBA7875D", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.00:*:*:*:*:*:*:*", "matchCriteriaId": "DA732B51-EF58-41D1-A012-195847AE9CC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.01:*:*:*:*:*:*:*", "matchCriteriaId": "78E8D3B9-CAF2-47FD-93C7-CCF6554BBA49", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "9B8965F9-F10A-4F6A-830C-7D5D4596AA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.11:*:*:*:*:*:*:*", "matchCriteriaId": "B09614D3-0B53-48FC-9E1F-05384AEFBE57", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.20:*:*:*:*:*:*:*", "matchCriteriaId": "633CC2AD-4B48-4473-A818-93E40DCBEFBE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_netweaver:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "813CC383-4123-45B0-A58A-78A8DC71FFE7", "vulnerable": false }, { "criteria": "cpe:2.3:a:sap:sap_web_application_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FC17AFFF-324D-40F5-9305-1A049E16B7A3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. NOTE: some of these details are obtained from third party information." 
}, { "lang": "es", "value": "vulnerabilidad inespec\u00edfica en sapstartsrv.exe en el kernel SAP v6.40, v7.00, v7.01, v7.10, v7.11, y v7.20, tal y como se utiliza en SAP NetWeaver v7.x y SAP Web Application Server v6.x y v7.x, permite a atacantes remotos producir una denegaci\u00f3n de servicio (apagado de la consola de administraci\u00f3n) a trav\u00e9s de una petici\u00f3n manipulada." } ], "id": "CVE-2009-4603", "lastModified": "2024-11-21T01:10:01.607", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-01-12T17:30:01.197", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37684" }, { "source": "cve@mitre.org", "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37286" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1023319" }, { "source": "cve@mitre.org", "url": "https://service.sap.com/sap/support/notes/1302231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cybsec.com/vuln/CYBSEC_SAP_sapstartsrv_DoS.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37286" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securitytracker.com/id?1023319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://service.sap.com/sap/support/notes/1302231" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-10 18:29
Modified
2024-11-21 04:03
Severity ?
Summary
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/2597913 | Permissions Required, Vendor Advisory | |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2597913 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 7.21 | |
sap | sap_kernel | 7.21ext | |
sap | sap_kernel | 7.22 | |
sap | sap_kernel | 7.22ext | |
sap | sap_kernel | 7.45 | |
sap | sap_kernel | 7.49 | |
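sap | sap_kernel | 7.53 |

Note: in the configuration below, the 7.53 entry is recorded with CPE part `o` (cpe:2.3:o:sap:sap_kernel:7.53), while the other versions use part `a`. Asset inventories that match on the full CPE string should account for both forms.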
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "168D38D8-CE37-4FF4-B089-DCBB0D5A3387", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "56247321-E033-4097-A176-BE71DEBD5920", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*", "matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:sap:sap_kernel:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "306EBEDB-BF90-46C5-99B1-C7ADAF1B8611", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service." }, { "lang": "es", "value": "SAP Gateway (SAP KERNEL 32 NUC; SAP KERNEL 32 Unicode; SAP KERNEL 64 NUC; SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 y 7.22EXT y SAP KERNEL 7.21, 7.22, 7.45, 7.49 y 7.53) permite que un atacante evite que usuarios leg\u00edtimos accedan a un servicio, ya sea inund\u00e1ndolo o provocando su cierre inesperado." 
} ], "id": "CVE-2018-2433", "lastModified": "2024-11-21T04:03:48.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-10T18:29:00.907", "references": [ { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2597913" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2597913" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-12 14:29
Modified
2024-11-21 03:16
Severity ?
Summary
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | http://www.securityfocus.com/bid/102144 | Third Party Advisory, VDB Entry | |
cna@sap.com | https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | Issue Tracking, Vendor Advisory | |
cna@sap.com | https://launchpad.support.sap.com/#/notes/2449757 | Permissions Required, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102144 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/ | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2449757 | Permissions Required, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 7.21 | |
sap | sap_kernel | 7.21ext | |
sap | sap_kernel | 7.22 | |
sap | sap_kernel | 7.22ext | |
sap | sap_kernel | 7.45 | |
sap | sap_kernel | 7.49 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.21ext:*:*:*:*:*:*:*", "matchCriteriaId": "168D38D8-CE37-4FF4-B089-DCBB0D5A3387", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "56247321-E033-4097-A176-BE71DEBD5920", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*", "matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined." }, { "lang": "es", "value": "Una conexi\u00f3n RFC fiable en SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL desde la versi\u00f3n 7.21 hasta la 7.22, 7.45, 7.49, puede establecerse para un cliente o usuario diferentes en el mismo sistema aunque no se haya definido una relaci\u00f3n Trusted/Trusting expl\u00edcita con el mismo sistema." 
} ], "id": "CVE-2017-16689", "lastModified": "2024-11-21T03:16:49.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-12T14:29:00.640", "references": [ { "source": "cna@sap.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102144" }, { "source": "cna@sap.com", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2449757" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2449757" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-09 15:29
Modified
2024-11-21 04:03
Severity ?
Summary
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functions that require user identity and that consume file system storage.
References
Source | URL | Tags | |
---|---|---|---|
cna@sap.com | http://www.securityfocus.com/bid/102448 | Third Party Advisory, VDB Entry | |
cna@sap.com | https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ | Vendor Advisory | |
cna@sap.com | https://launchpad.support.sap.com/#/notes/2523961 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102448 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2523961 | Permissions Required |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | sap_kernel | 7.45 | |
sap | sap_kernel | 7.49 | |
sap | sap_kernel | 7.52 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:sap:sap_kernel:7.45:*:*:*:*:*:*:*", "matchCriteriaId": "F42A1C8B-C830-4DA0-BEE6-04E3FF744FC0", "vulnerable": true }, { "criteria": "cpe:2.3:o:sap:sap_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "AF72873D-9926-40CA-B33E-8AF0FAAFF45C", "vulnerable": true }, { "criteria": "cpe:2.3:o:sap:sap_kernel:7.52:*:*:*:*:*:*:*", "matchCriteriaId": "42D5F7BF-A95A-49AE-A962-DBF53181E2E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage." }, { "lang": "es", "value": "SAP Startup Service y SAP KERNEL, en versiones 7.45, 7.49 y 7.52 no tienen comprobaci\u00f3n de autenticaci\u00f3n para funcionalidades que requieran la identidad del usuario y provoquen el consumo del almacenamiento del sistema de archivos." 
} ], "id": "CVE-2018-2360", "lastModified": "2024-11-21T04:03:40.647", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-09T15:29:00.213", "references": [ { "source": "cna@sap.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102448" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/" }, { "source": "cna@sap.com", "tags": [ "Permissions Required" ], "url": "https://launchpad.support.sap.com/#/notes/2523961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": 
"https://launchpad.support.sap.com/#/notes/2523961" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-12 22:29
Modified
2024-11-21 04:16
Severity ?
Summary
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22 (that is, ABAP Server 7.00 to 7.31) and in Kernel 7.45, 7.49 or 7.53 (that is, ABAP Server 7.40 to 7.52 or ABAP Platform). For more recent updates, please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
sap | advanced_business_application_programming_platform | - | |
sap | advanced_business_application_programming_server | * | |
sap | advanced_business_application_programming_server | * | |
sap | sap_kernel | 7.21 | |
sap | sap_kernel | 7.22 | |
sap | sap_kernel | 7.45 | |
sap | sap_kernel | 7.49 | |
sap | sap_kernel | 7.53 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:advanced_business_application_programming_platform:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9F4E561-9FA1-445C-822A-F46AA9AEA760", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:advanced_business_application_programming_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEE02B80-95AF-4B35-B2CF-EE90B32DA3BA", "versionEndIncluding": "7.31", "versionStartIncluding": "7.00", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:advanced_business_application_programming_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "099C5E3A-0C59-437A-8353-441A5A059D16", "versionEndIncluding": "7.52", "versionStartIncluding": "7.40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1DB2B37-EC52-4FE6-9861-A98A9E365B61", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*", "matchCriteriaId": "80D1ECE8-0465-4B82-A0B7-BC55438FFC43", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.45:*:*:*:*:*:*:*", "matchCriteriaId": "517E04CB-B712-477E-8F64-B35F9D0D932B", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.49:*:*:*:*:*:*:*", "matchCriteriaId": "018F8061-43B6-4F29-B914-C779569C58CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:sap:sap_kernel:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "5F7EA62C-67A6-4971-AC33-D5A3D390CE52", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. 
For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below." }, { "lang": "es", "value": "El servidor ABAP (utilizado en NetWeaver y Suite / ERP) y la plataforma ABAP no validan suficientemente un documento XML aceptado de una fuente no segura, lo que genera una vulnerabilidad de entidad externa XML (XEE). Se corrigi\u00f3 en Kernel 7.21 o 7.22, que es el Servidor ABAP 7.00 a 7.31 y Kernel 7.45, 7.49 o 7.53, que es el Servidor ABAP 7.40 a 7.52 o la Plataforma ABAP. Para actualizaciones m\u00e1s recientes, consulte la Nota de seguridad 2870067 (que reemplaza la soluci\u00f3n de la Nota de seguridad 2736825) en la secci\u00f3n de referencia a continuaci\u00f3n." } ], "id": "CVE-2019-0271", "lastModified": "2024-11-21T04:16:36.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-12T22:29:00.487", "references": [ { "source": "cna@sap.com", "tags": [ "Broken Link" ], 
"url": "http://www.securityfocus.com/bid/107355" }, { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2736825" }, { "source": "cna@sap.com", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2870067" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080" }, { "source": "cna@sap.com", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.securityfocus.com/bid/107355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2736825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Vendor Advisory" ], "url": "https://launchpad.support.sap.com/#/notes/2870067" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812" } ], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }