
    24 vulnerabilities found for netweaver_as_abap by sap

    CVE-2024-27902 (GCVE-0-2024-27902)

    Vulnerability from nvd – Published: 2024-03-12 00:45 – Updated: 2024-08-02 00:41
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)
    Summary
    Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:24:55.762101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:47:26.941Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:41:55.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3377979"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eApplications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user\u2019s browser. There is no impact on the availability of the system\u003c/p\u003e"
                }
              ],
              "value": "Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user\u2019s browser. There is no impact on the availability of the system\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-12T00:45:08.794Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3377979"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-27902",
        "datePublished": "2024-03-12T00:45:08.794Z",
        "dateReserved": "2024-02-27T06:26:16.787Z",
        "dateUpdated": "2024-08-02T00:41:55.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27668 (GCVE-0-2022-27668)

    Vulnerability from nvd – Published: 2022-06-14 16:57 – Updated: 2024-08-03 05:33
    Summary
    Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.49
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Affected: KRNL64NUC 7.49
    Affected: KRNL64UC 7.49
    Affected: SAP_ROUTER 7.53
    Affected: 7.22

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:33:00.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3158375"
              },
              {
                "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.49"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.49"
                },
                {
                  "status": "affected",
                  "version": "SAP_ROUTER 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T15:06:17.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3158375"
            },
            {
              "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-27668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "SAP_ROUTER 7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3158375",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3158375"
                },
                {
                  "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-27668",
        "datePublished": "2022-06-14T16:57:29.000Z",
        "dateReserved": "2022-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:33:00.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22543 (GCVE-0-2022-22543)

    Vulnerability from nvd – Published: 2022-02-09 22:05 – Updated: 2024-08-03 03:14
    Summary
    SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
    Severity
    No CVSS data available.
    CWE
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.22EXT
    Affected: KRNL64NUC 7.22

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3116223"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:19:34.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3116223"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-22543",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3116223",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3116223"
                },
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-22543",
        "datePublished": "2022-02-09T22:05:27.000Z",
        "dateReserved": "2022-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:14:55.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27632 (GCVE-0-2021-27632)

    Vulnerability from nvd – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
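    • CWE-476 - Improper Input Validation (CWE-476) — note: the ID and the name shown here do not agree. In the CWE catalogue, CWE-476 is NULL Pointer Dereference, while Improper Input Validation is CWE-20; check the vendor note before classifying this entry.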
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Improper Input Validation (CWE-476)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27632",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27631 (GCVE-0-2021-27631)

    Vulnerability from nvd – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
    • CWE-476 (NULL Pointer Dereference) - described by the assigner as "Improper Input Validation (CWE-476)"
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Improper Input Validation (CWE-476)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27631",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27630 (GCVE-0-2021-27630)

    Vulnerability from nvd – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
    • CWE-476 (NULL Pointer Dereference) - described by the assigner as "Improper Input Validation (CWE-476)"
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.220Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Improper Input Validation (CWE-476)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27630",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27629 (GCVE-0-2021-27629)

    Vulnerability from nvd – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
    • CWE-125 (Out-of-bounds Read) - described by the assigner as "Improper Input Validation (CWE-125)"
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Improper Input Validation (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27629",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27628 (GCVE-0-2021-27628)

    Vulnerability from nvd – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
    • CWE-787 (Out-of-bounds Write) - described by the assigner as "Improper Input Validation (CWE-787)"
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL32UC - 7.22
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04
    Affected: < 7.77
    Affected: < 7.81
    Affected: < 7.82
    Affected: < 7.83

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3021197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL32UC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.77"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.81"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.82"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.83"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Improper Input Validation (CWE-787)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3021197"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27628",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27607 (GCVE-0-2021-27607)

    Vulnerability from nvd – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
    • CWE-476 (NULL Pointer Dereference) - described by the assigner as "Improper Input Validation (CWE-476)"
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL32UC - 7.22
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04
    Affected: < 7.77
    Affected: < 7.81
    Affected: < 7.82
    Affected: < 7.83

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:09.719Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3021197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL32UC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.77"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.81"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.82"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.83"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Improper Input Validation (CWE-476)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3021197"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27607",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:09.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27606 (GCVE-0-2021-27606)

    Vulnerability from nvd – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
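    • CWE-125 - Improper Input Validation (CWE-125) (label as supplied by the CNA; the CWE catalogue names CWE-125 "Out-of-bounds Read", and Improper Input Validation is CWE-20, so confirm the weakness class before triaging by CWE ID)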
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.112Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Improper Input Validation (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27606",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0321 (GCVE-0-2019-0321)

    Vulnerability from nvd – Published: 2019-07-10 18:54 – Updated: 2024-08-04 17:44
    Summary
    ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Server and ABAP Platform (SAP Basis) Affected: < 7.31
    Affected: < 7.4
    Affected: < 7.5

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "109078",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109078"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2773888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Server and ABAP Platform (SAP Basis)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.4"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-10T18:55:33.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "109078",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109078"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2773888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Server and ABAP Platform (SAP Basis)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.4"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "109078",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109078"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2773888",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2773888"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0321",
        "datePublished": "2019-07-10T18:54:44.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0257 (GCVE-0-2019-0257)

    Vulnerability from nvd – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    Summary
    Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Platform(SAP Basis) Affected: < from 7.0 to 7.02
    Affected: < from 7.10 to 7.11
    Affected: < 7.30
    Affected: < 7.31
    Affected: < 7.40
    Affected: < from 7.50 to 7.53
    Affected: < from 7.74 to 7.75
    Date Public
    2019-02-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2728839"
              },
              {
                "name": "106999",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106999"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Platform(SAP Basis)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c from 7.0 to 7.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.10 to 7.11"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.30"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.40"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.50 to 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.74 to 7.75"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-16T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2728839"
            },
            {
              "name": "106999",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106999"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Platform(SAP Basis)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.0 to 7.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.10 to 7.11"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.30"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.40"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.50 to 7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.74 to 7.75"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2728839",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2728839"
                },
                {
                  "name": "106999",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106999"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0257",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-27902 (GCVE-0-2024-27902)

    Vulnerability from cvelistv5 – Published: 2024-03-12 00:45 – Updated: 2024-08-02 00:41
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)
    Summary
    Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    sap
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27902",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:24:55.762101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:47:26.941Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:41:55.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3377979"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eApplications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user\u2019s browser. There is no impact on the availability of the system\u003c/p\u003e"
                }
              ],
              "value": "Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user\u2019s browser. There is no impact on the availability of the system\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-12T00:45:08.794Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3377979"
            },
            {
              "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-27902",
        "datePublished": "2024-03-12T00:45:08.794Z",
        "dateReserved": "2024-02-27T06:26:16.787Z",
        "dateUpdated": "2024-08-02T00:41:55.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27668 (GCVE-0-2022-27668)

    Vulnerability from cvelistv5 – Published: 2022-06-14 16:57 – Updated: 2024-08-03 05:33
    VLAI
    Summary
    Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
    Severity
    No CVSS data available.
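    CWE
    • CWE-863 - Incorrect Authorization (ID taken from the record's problemTypes entry below, which gives only the ID)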
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver and ABAP Platform Affected: KERNEL 7.49
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: 7.88
    Affected: KRNL64NUC 7.49
    Affected: KRNL64UC 7.49
    Affected: SAP_ROUTER 7.53
    Affected: 7.22

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:33:00.474Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3158375"
              },
              {
                "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver and ABAP Platform",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.49"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "7.88"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.49"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.49"
                },
                {
                  "status": "affected",
                  "version": "SAP_ROUTER 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T15:06:17.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3158375"
            },
            {
              "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-27668",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver and ABAP Platform",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.88"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "SAP_ROUTER 7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Depending on the configuration of the route permission table in file \u0027saprouttab\u0027, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-863"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3158375",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3158375"
                },
                {
                  "name": "20220915 SEC Consult SA-20220914-0 :: Improper Access Control in SAP SAProuter",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Sep/17"
                },
                {
                  "name": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/168406/SAP-SAProuter-Improper-Access-Control.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-27668",
        "datePublished": "2022-06-14T16:57:29.000Z",
        "dateReserved": "2022-03-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:33:00.474Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22543 (GCVE-0-2022-22543)

    Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2024-08-03 03:14
    VLAI
    Summary
    SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.
    Severity
    No CVSS data available.
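    CWE
    • CWE-400 - Uncontrolled Resource Consumption (ID taken from the record's problemTypes entry below, which gives only the ID)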
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) Affected: KERNEL 7.22
    Affected: 8.04
    Affected: 7.49
    Affected: 7.53
    Affected: 7.77
    Affected: 7.81
    Affected: 7.85
    Affected: 7.86
    Affected: 7.87
    Affected: KRNL64UC 8.04
    Affected: 7.22
    Affected: 7.22EXT
    Affected: KRNL64NUC 7.22

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3116223"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "8.04"
                },
                {
                  "status": "affected",
                  "version": "7.49"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.81"
                },
                {
                  "status": "affected",
                  "version": "7.85"
                },
                {
                  "status": "affected",
                  "version": "7.86"
                },
                {
                  "status": "affected",
                  "version": "7.87"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 8.04"
                },
                {
                  "status": "affected",
                  "version": "7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-24T15:19:34.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/3116223"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2022-22543",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "KERNEL 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.77"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.81"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.85"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.86"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.87"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64UC 8.04"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.53"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "KRNL64NUC 7.22"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.22EXT"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.49"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "null",
                "vectorString": "null",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/3116223",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/3116223"
                },
                {
                  "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
                  "refsource": "MISC",
                  "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2022-22543",
        "datePublished": "2022-02-09T22:05:27.000Z",
        "dateReserved": "2022-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-03T03:14:55.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27606 (GCVE-0-2021-27606)

    Vulnerability from cvelistv5 – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
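    • CWE-125 - Improper Input Validation (CWE-125) [label as supplied by the CNA; in the CWE catalogue CWE-125 is Out-of-bounds Read, while Improper Input Validation is CWE-20, so filter on the ID rather than the label text]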
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.112Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Improper Input Validation (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27606",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27607 (GCVE-0-2021-27607)

    Vulnerability from cvelistv5 – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    VLAI
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
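    • CWE-476 - Improper Input Validation (CWE-476) [label as supplied by the CNA; in the CWE catalogue CWE-476 is NULL Pointer Dereference, while Improper Input Validation is CWE-20, so filter on the ID rather than the label text]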
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL32UC - 7.22
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04
    Affected: < 7.77
    Affected: < 7.81
    Affected: < 7.82
    Affected: < 7.83

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:09.719Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3021197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL32UC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.77"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.81"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.82"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.83"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method ThSncIn() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Improper Input Validation (CWE-476)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3021197"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27607",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:09.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27631 (GCVE-0-2021-27631)

    Vulnerability from cvelistv5 – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
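    • CWE-476 - Improper Input Validation (CWE-476) [label as supplied by the CNA; in the CWE catalogue, CWE-476 is "NULL Pointer Dereference" and "Improper Input Validation" is CWE-20]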
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Improper Input Validation (CWE-476)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27631",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.401Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27628 (GCVE-0-2021-27628)

    Vulnerability from cvelistv5 – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
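    • CWE-787 - Improper Input Validation (CWE-787) [label as supplied by the CNA; in the CWE catalogue, CWE-787 is "Out-of-bounds Write" and "Improper Input Validation" is CWE-20]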
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL32UC - 7.22
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04
    Affected: < 7.77
    Affected: < 7.81
    Affected: < 7.82
    Affected: < 7.83

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3021197"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL32UC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.77"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.81"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.82"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.83"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method DpRTmPrepareReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Improper Input Validation (CWE-787)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3021197"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27628",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27632 (GCVE-0-2021-27632)

    Vulnerability from cvelistv5 – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
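    • CWE-476 - Improper Input Validation (CWE-476) [label as supplied by the CNA; in the CWE catalogue, CWE-476 is "NULL Pointer Dereference" and "Improper Input Validation" is CWE-20]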
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Improper Input Validation (CWE-476)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27632",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27630 (GCVE-0-2021-27630)

    Vulnerability from cvelistv5 – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
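    • CWE-476 - Improper Input Validation (CWE-476) [label as supplied by the CNA; in the CWE catalogue, CWE-476 is "NULL Pointer Dereference" and "Improper Input Validation" is CWE-20]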
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.220Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EnqConvUniToSrvReq() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "Improper Input Validation (CWE-476)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27630",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27629 (GCVE-0-2021-27629)

    Vulnerability from cvelistv5 – Published: 2021-06-09 00:00 – Updated: 2024-08-03 21:26
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified.
    CWE
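    • CWE-125 - Improper Input Validation (CWE-125) [label as supplied by the CNA; in the CWE catalogue, CWE-125 is "Out-of-bounds Read" and "Improper Input Validation" is CWE-20]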
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP SE SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) Affected: < KRNL32NUC - 7.22
    Affected: < 7.22EXT
    Affected: < KRNL64NUC - 7.22
    Affected: < 7.49
    Affected: < KRNL64UC - 8.04
    Affected: < 7.22
    Affected: < 7.53
    Affected: < 7.73
    Affected: < KERNEL - 7.22
    Affected: < 8.04

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:26:10.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3020104"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c KRNL32NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64NUC - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.49"
                },
                {
                  "status": "affected",
                  "version": "\u003c KRNL64UC - 8.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.73"
                },
                {
                  "status": "affected",
                  "version": "\u003c KERNEL - 7.22"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.04"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncPSetUnsupported() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Improper Input Validation (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-17T00:00:00.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"
            },
            {
              "url": "https://launchpad.support.sap.com/#/notes/3020104"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2021-27629",
        "datePublished": "2021-06-09T00:00:00.000Z",
        "dateReserved": "2021-02-23T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:26:10.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0321 (GCVE-0-2019-0321)

    Vulnerability from cvelistv5 – Published: 2019-07-10 18:54 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    ABAP Server and ABAP Platform (SAP Basis), versions 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Server and ABAP Platform (SAP Basis) Affected: < 7.31
    Affected: < 7.4
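    Affected: < 7.5
    Note: the "<" prefix is carried over from the legacy record's version_name field; the summary names 7.31, 7.4 and 7.5 themselves as affected, so check the exact patch level against SAP note 2773888.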

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.476Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "109078",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109078"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2773888"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Server and ABAP Platform (SAP Basis)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.4"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-10T18:55:33.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "name": "109078",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109078"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2773888"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Server and ABAP Platform (SAP Basis)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.4"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "109078",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109078"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2773888",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2773888"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0321",
        "datePublished": "2019-07-10T18:54:44.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0257 (GCVE-0-2019-0257)

    Vulnerability from cvelistv5 – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE ABAP Platform(SAP Basis) Affected: < from 7.0 to 7.02
    Affected: < from 7.10 to 7.11
    Affected: < 7.30
    Affected: < 7.31
    Affected: < 7.40
    Affected: < from 7.50 to 7.53
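    Affected: < from 7.74 to 7.75
    Note: the "<" prefix is carried over from the legacy record's version_name field; the summary gives these same ranges as the versions in which the issue is fixed, so treat them as release lines to check against SAP note 2728839, not as exact upper bounds.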
    Date Public
    2019-02-12 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2728839"
              },
              {
                "name": "106999",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106999"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ABAP Platform(SAP Basis)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c from 7.0 to 7.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.10 to 7.11"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.30"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.31"
                },
                {
                  "status": "affected",
                  "version": "\u003c 7.40"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.50 to 7.53"
                },
                {
                  "status": "affected",
                  "version": "\u003c from 7.74 to 7.75"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-16T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2728839"
            },
            {
              "name": "106999",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106999"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0257",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ABAP Platform(SAP Basis)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.0 to 7.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.10 to 7.11"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.30"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "7.40"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.50 to 7.53"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "from 7.74 to 7.75"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2728839",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2728839"
                },
                {
                  "name": "106999",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106999"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0257",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }