Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown
CVE-2022-27668
Disclosure Date: June 14, 2022 (last updated November 29, 2024)
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
0
Attacker Value
Unknown
CVE-2022-29616
Disclosure Date: May 11, 2022 (last updated October 07, 2023)
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.
0
Attacker Value
Unknown
CVE-2022-27656
Disclosure Date: May 11, 2022 (last updated October 07, 2023)
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
0
Attacker Value
Unknown
CVE-2022-22543
Disclosure Date: February 09, 2022 (last updated October 07, 2023)
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
0