Vulnerabilities for Business application software integrated solution (...) - CXSECURITY.COM

Vulnerabilities for
'Business application software integrated solution'

2019-04-10

CVE-2019-0279

CWE-285

ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.

2018-12-11

CVE-2018-2494

CWE-863

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.

2018-03-01

CVE-2018-2367

CWE-22

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

2018-01-09

CVE-2018-2363

CWE-94

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.

2017-12-12

CVE-2017-16691

CWE-20

SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.

CVE-2017-16682

CWE-94

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.

>>> Vendor: SAP 332 Products

Application server

Sap r 3 web application server demo

Crystal reports

Adaptive server enterprise

Internet transaction server

Mysap business suite

Sap web application server

Business connector

Download manager

Internet graphics server

Inventory manager

Sap basis component 640

Sap basis component 700

Netweaver nw04s

Internet communication manager

Sap message server

Business objects

Crystal reports server

Business one 2005-a

Businessobjects

J2ee engine core

System landscape directory

Netweaver business client

Production planning and control

Healthcare industry solution

Erp cental component

Basis communication services

Erp central component

Network interface router

Netweaver logviewer

Netweaver development infrastructure

Customer relationship management

Netweaver solution manager

Netweaver exchange infrastructure (bc-xi)

Bi universal data integration

Ccms / database monitor

Guided procedures archive monitor

Mobile infrastructure

Solution manager

Enterprise portal

Software deployment manager

Enhancement package

Print and output management

Business object processing framework for abap

Netweaver software lifecycle manager

Netweaver abap application server

Profile maintenance

Background processing

Netweaver java application server

Web services tool

Computing center management system monitoring

Transaction data pool

Capacity leveling

Open hub service

Oil industry solution traders and schedulers workbench

Supplier relationship management

Hana extend application services

Netweaver business warehouse

Fi manager self-service

Businessobjects xi

Businessobjects explorer

Commoncryptolib

Environment health and safety

See all Products for Vendor SAP

Copyright 2024, cxsecurity.com