cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-33005,https://securityvulnerability.io/vulnerability/CVE-2024-33005,Authorization Bypass VI carbon zente ideal primal crux deliver,"Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.",SAP,"SAP Netweaver Application Server (abap And Java),SAP Web Dispatcher And SAP Content Server",6.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-13T03:47:44.829Z,0
CVE-2023-40309,https://securityvulnerability.io/vulnerability/CVE-2023-40309,Missing Authorization check in SAP CommonCryptoLib,"The SAP CommonCryptoLib has a critical vulnerability where it fails to implement essential authentication checks. This oversight can lead to improper or missing authorization verifications for users. As a result, an authenticated attacker may exploit this weakness to escalate their privileges, potentially gaining access to functionalities meant for specific user groups. This could allow the attacker to read, alter, or remove sensitive data that should be restricted.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",9.8,CRITICAL,0.0018700000364333391,false,false,false,false,,false,false,2023-09-12T03:15:00.000Z,0
CVE-2023-40308,https://securityvulnerability.io/vulnerability/CVE-2023-40308,Memory Corruption vulnerability in SAP CommonCryptoLib,"The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.",SAP,"SAP Commoncryptolib,SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise,SAP Web Dispatcher,SAP Content Server,SAP Hana Database,SAP Host Agent,SAP Extended Application Services And Runtime (xsa),SAPssoext",7.5,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2023-09-12T02:15:00.000Z,0
CVE-2021-33664,https://securityvulnerability.io/vulnerability/CVE-2021-33664,,"SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.",SAP,SAP Netweaver Application Server Abap (applications Based On Web Dynpro Abap),5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-06-09T13:32:50.000Z,0
CVE-2021-21491,https://securityvulnerability.io/vulnerability/CVE-2021-21491,,"SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.",SAP,SAP Netweaver Application Server Java (applications Based On Web Dynpro Java),4.7,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2021-03-10T14:11:46.000Z,0
CVE-2019-0327,https://securityvulnerability.io/vulnerability/CVE-2019-0327,,"SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5), (servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5), allows an attacker to upload files (including script files) without proper file format validation.",SAP,"SAP Netweaver For Java Application Server - Web Container (engineapi),SAP Netweaver For Java Application Server - Web Container (servercode)",7.2,HIGH,0.006459999829530716,false,false,false,false,,false,false,2019-07-10T19:09:39.000Z,0
CVE-2008-2421,https://securityvulnerability.io/vulnerability/CVE-2008-2421,,"Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.",SAP,"SAP Web Application Server,Web Dynpro",,,0.8980900049209595,false,false,false,false,,false,false,2008-05-23T15:00:00.000Z,0
CVE-2007-3615,https://securityvulnerability.io/vulnerability/CVE-2007-3615,,"Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.",SAP,"Internet Communication Manager,SAP Web Application Server",,,0.05753999948501587,false,false,false,false,,false,false,2007-07-06T19:00:00.000Z,0
CVE-2006-6011,https://securityvulnerability.io/vulnerability/CVE-2006-6011,,"Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka ""two bytes UDP crash,"" a different vulnerability than CVE-2006-5785.",SAP,SAP Web Application Server,,,0.003269999986514449,false,false,false,false,,false,false,2006-11-21T23:00:00.000Z,0
CVE-2006-6010,https://securityvulnerability.io/vulnerability/CVE-2006-6010,,"SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.",SAP,SAP Web Application Server,,,0.04902999848127365,false,false,false,false,,false,false,2006-11-21T23:00:00.000Z,0
CVE-2006-5784,https://securityvulnerability.io/vulnerability/CVE-2006-5784,,"Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a ""3200+SYSNR"" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.",SAP,SAP Web Application Server,,,0.0063299997709691525,false,false,false,false,,false,false,2006-11-07T23:00:00.000Z,0
CVE-2006-5785,https://securityvulnerability.io/vulnerability/CVE-2006-5785,,Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.,SAP,SAP Web Application Server,,,0.028109999373555183,false,false,false,false,,false,false,2006-11-07T23:00:00.000Z,0
CVE-2006-1039,https://securityvulnerability.io/vulnerability/CVE-2006-1039,,"SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a "";%20"" followed by encoded HTTP headers.",SAP,SAP Web Application Server,,,0.0134699996560812,false,false,false,false,,false,false,2006-03-07T11:00:00.000Z,0
CVE-2005-3633,https://securityvulnerability.io/vulnerability/CVE-2005-3633,,HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.,SAP,SAP Web Application Server,,,0.00863999966531992,false,false,false,false,,false,false,2005-11-16T21:17:00.000Z,0
CVE-2005-3636,https://securityvulnerability.io/vulnerability/CVE-2005-3636,,Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.,SAP,SAP Web Application Server,,,0.010579999536275864,false,false,false,false,,false,false,2005-11-16T21:17:00.000Z,0
CVE-2005-3635,https://securityvulnerability.io/vulnerability/CVE-2005-3635,,Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.,SAP,SAP Web Application Server,,,0.013829999603331089,false,false,false,false,,false,false,2005-11-16T21:17:00.000Z,0
CVE-2005-3634,https://securityvulnerability.io/vulnerability/CVE-2005-3634,,frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.,SAP,SAP Web Application Server,,,0.05152999982237816,false,false,false,false,,false,false,2005-11-16T21:17:00.000Z,0
CVE-2001-0366,https://securityvulnerability.io/vulnerability/CVE-2001-0366,,"saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.",SAP,"SAPoscol,SAP R 3 Web Application Server Demo",,,0.0004199999966658652,false,false,false,false,,false,false,2001-06-27T04:00:00.000Z,0