SAP

Netweaver As Abap Business Server Pages

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-29185

  • EPSS 0.23%
  • Published 11.04.2023 04:16:08
  • Last modified 21.11.2024 07:56:40

SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumst...

6.1

CVE-2023-24521

  • EPSS 0.6%
  • Published 14.02.2023 04:15:12
  • Last modified 21.11.2024 07:48:02

Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicio...

6.1

CVE-2023-24529

  • EPSS 0.29%
  • Published 14.02.2023 04:15:12
  • Last modified 21.11.2024 07:48:03

Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a...

6.1

CVE-2020-6324

  • EPSS 0.9%
  • Published 09.09.2020 14:15:12
  • Last modified 21.11.2024 05:35:30

SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modi...

6.1

CVE-2020-6246

  • EPSS 0.27%
  • Published 10.06.2020 13:15:17
  • Last modified 21.11.2024 05:35:22

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnera...

6.1

CVE-2020-6213

  • EPSS 0.19%
  • Published 24.04.2020 23:15:11
  • Last modified 21.11.2024 05:35:18

SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficientl...

6.1

CVE-2020-6215

  • EPSS 0.4%
  • Published 14.04.2020 20:15:15
  • Last modified 21.11.2024 05:35:18

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of th...

6.1

CVE-2020-6217

  • EPSS 0.37%
  • Published 14.04.2020 20:15:15
  • Last modified 21.11.2024 05:35:19

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

6.1

CVE-2020-6229

  • EPSS 0.24%
  • Published 14.04.2020 19:15:17
  • Last modified 21.11.2024 05:35:20

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site S...

6.1

CVE-2020-6205

  • EPSS 0.51%
  • Published 10.03.2020 21:15:14
  • Last modified 21.11.2024 05:35:17

SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to ...