SAP NetWeaver Vulnerabilities

Version

7.30: 87
7.50: 85
7.40: 81
7.31: 80
7.20: 58

Remediation

Official Fix: 185
Temporary Fix: 0
Workaround: 2
Unavailable: 1
Not Defined: 187

Exploitability

High: 7
Functional: 0
Proof-of-Concept: 63
Unproven: 20
Not Defined: 285

Access Vector

Not Defined: 0
Physical: 1
Local: 3
Adjacent: 27
Network: 344

Authentication

Not Defined: 0
High: 38
Low: 112
None: 225

User Interaction

Not Defined: 0
Required: 99
None: 276

| Score | CVSSv3 Base | CVSSv3 Temp | VulDB | NVD | CNA | Vendor | Research |
|---|---|---|---|---|---|---|---|
| ≤1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| ≤3 | 2 | 2 | 8 | 1 | 0 | 0 | 0 |
| ≤4 | 24 | 32 | 36 | 1 | 2 | 0 | 0 |
| ≤5 | 71 | 89 | 99 | 19 | 4 | 0 | 0 |
| ≤6 | 113 | 103 | 80 | 21 | 5 | 0 | 0 |
| ≤7 | 59 | 56 | 58 | 44 | 17 | 0 | 0 |
| ≤8 | 61 | 53 | 62 | 31 | 1 | 0 | 0 |
| ≤9 | 18 | 32 | 6 | 16 | 5 | 0 | 0 |
| ≤10 | 27 | 8 | 26 | 28 | 9 | 1 | 0 |

| Price band | Exploit 0-day | Exploit Today |
|---|---|---|
| <1k | 1 | 157 |
| <2k | 0 | 40 |
| <5k | 30 | 87 |
| <10k | 138 | 63 |
| <25k | 174 | 28 |
| <50k | 31 | 0 |
| <100k | 0 | 0 |
| ≥100k | 1 | 0 |

Affected Versions (168): 2.0 SP5, 3.0, 4.0, 5.555.38, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 6.11, 6.12, 6.13, 6.14, 6.15, 6.16, 6.17, 6.18, 6.19, 6.20, 6.21, 6.22, 6.23, 6.24, 6.25, 6.26, 6.27, 6.28, 6.29, 6.30, 6.31, 6.32, 6.33, 6.34, 6.35, 6.36, 6.37, 6.38, 6.39, 6.40, 7.0, 7.0 EHP2, 7.0.573, 7.00, 7.01, 7.02, 7.03, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 7.10, 7.11, 7.12, 7.13, 7.14, 7.15, 7.16, 7.17, 7.18, 7.19, 7.20, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.23, 7.24, 7.25, 7.26, 7.27, 7.28, 7.29, 7.30, 7.30 (Basis 720 SP 0, 7.31, 7.31. 7.4, 7.31.201109172004, 7.32, 7.33, 7.34, 7.35, 7.36, 7.37, 7.38, 7.39, 7.40, 7.40 SP12, 7.41, 7.42, 7.43, 7.44, 7.45, 7.46, 7.47, 7.48, 7.49, 7.50, 7.50The, 7.51, 7.52, 7.53, 7.54, 7.70, 7.70 BYD, 7.70 PI, 7.73, 7.74, 7.75, 7.77, 7.81, 7.82, 7.83, 7.84, 7.85, 7.86, 7.87, 7.88, 8.04, 75A, 75B, 75C, 75D, 75E, 700, 701, 702, 707, 710, 710.750, 711, 720, 730, 731, 737, 740, 747, 750, 751, 752, 753, 754, 755, 756, 757, 782, 784, 786, 787, 789, 790, 791, 804, 2004s, 7400.12.21.30308, <=700, Kernel 720 patch 68), Sp8

Link to Product Website: https://www.sap.com

Software Type: Solution Stack Software

| Published | Base | Temp | Vulnerability | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 2023-04-11 | 5.3 | 5.2 | SAP NetWeaver AS Java for Deploy Service Directory API weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2023-24527 |
| 2023-04-11 | 6.3 | 6.3 | SAP NetWeaver BI CONT Addon directory traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-29186 |
| 2023-04-11 | 5.0 | 4.9 | SAP NetWeaver AS for ABAP Business Server Pages denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2023-29185 |
| 2023-04-11 | 5.4 | 5.3 | SAP NetWeaver AS for ABAP and ABAP Platform denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-28763 |
| 2023-04-11 | 6.9 | 6.8 | SAP NetWeaver Enterprise Portal Open API weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2023-28761 |
| 2023-03-14 | 5.3 | 5.2 | SAP NetWeaver Application Server for Java Cache Management Service privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2023-26460 |
| 2023-03-14 | 5.2 | 5.1 | SAP NetWeaver cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2023-0021 |
| 2023-03-14 | 7.4 | 7.3 | SAP NetWeaver AS for ABAP and ABAP Platform directory traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-27501 |
| 2023-03-14 | 7.5 | 7.4 | SAP NetWeaver Application Server for ABAP and ABAP Platform directory traversal | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-27269 |
| 2023-03-14 | 5.3 | 5.2 | SAP NetWeaver AS Java Object Analyzing Service privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-27268 |
| 2023-03-14 | 6.8 | 6.7 | SAP NetWeaver AS for ABAP and ABAP Platform privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-26459 |
| 2023-03-14 | 5.3 | 5.2 | SAP NetWeaver Application Server Java for Classload Service weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2023-24526 |
| 2023-03-14 | 5.4 | 5.3 | SAP NetWeaver Application Server for ABAP and ABAP Platform denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2023-27270 |
| 2023-03-14 | 4.8 | 4.8 | SAP NetWeaver Enterprise Portal XML External Entity | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-26461 |
| 2023-03-14 | 5.4 | 5.3 | SAP NetWeaver Application Server for ABAP and ABAP Platform Error denial of service | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-25618 |
| 2023-03-14 | 8.6 | 8.5 | SAP NetWeaver AS for Java Open Interface weak authentication | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2023-23857 |
| 2023-02-14 | 6.2 | 6.0 | SAP NetWeaver Application Server for ABAP and ABAP Platform Link Redirect | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2023-23853 |
| 2023-02-14 | 5.7 | 5.6 | SAP NetWeaver Application Server ABAP Link Redirect | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2023-23860 |
| 2023-02-14 | 5.2 | 5.1 | SAP NetWeaver Application Server ABAP Link cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2023-23859 |
| 2023-02-14 | 4.6 | 4.6 | SAP NetWeaver Application Server ABAP privilege escalation | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-23854 |
| 2023-02-14 | 5.2 | 5.1 | SAP NetWeaver AS ABAP cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2023-25614 |
| 2023-02-14 | 5.2 | 5.1 | SAP NetWeaver AS ABAP Business Server Pages cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-24522 |
| 2023-02-14 | 5.2 | 5.1 | SAP NetWeaver AS ABAP BSP Framework cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2023-24521 |
| 2023-02-14 | 5.2 | 5.1 | SAP NetWeaver Application Server ABAP URL cross site scripting | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2023-23858 |
| 2023-01-27 | 4.0 | 4.0 | SAP NetWeaver AS JAVA HTTP Request information disclosure | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2021-33687 |

350 more entries are not shown
