Sap Business Application Software Integrated Solution vulnerabilities

6 known vulnerabilities affecting sap/business_application_software_integrated_solution.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2019-0279HIGHCVSS 8.8≥ 7.00, ≤ 7.02≥ 7.10, ≤ 7.30+3 more2019-04-10
CVE-2019-0279 [HIGH] CWE-862 CVE-2019-0279: ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPI ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.
nvd
CVE-2018-2494HIGHCVSS 8.0≥ 7.00, ≤ 7.02≥ 7.10, ≤ 7.30+3 more2018-12-11
CVE-2018-2494 [HIGH] CWE-863 CVE-2018-2494: Necessary authorization checks for an authenticated user, resulting in escalation of privileges, hav Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
nvd
CVE-2018-2367HIGHCVSS 8.8≥ 7.00, ≤ 7.02≥ 7.10, ≤ 7.11+4 more2018-03-01
CVE-2018-2367 [HIGH] CWE-22 CVE-2018-2367: ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
nvd
CVE-2018-2363HIGHCVSS 8.8≥ 7.00, ≤ 7.02≥ 7.10, ≤ 7.11+4 more2018-01-09
CVE-2018-2363 [HIGH] CWE-94 CVE-2018-2363: SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.
nvd
CVE-2017-16682HIGHCVSS 7.2≥ 7.00, ≤ 7.02≥ 7.50, ≤ 7.52+3 more2017-12-12
CVE-2017-16682 [HIGH] CWE-94 CVE-2017-16682: SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
nvd
CVE-2017-16691MEDIUMCVSS 6.5v7.00v7.01+9 more2017-12-12
CVE-2017-16691 [MEDIUM] CWE-20 CVE-2017-16691: SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SA
nvd