Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct.
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading to Unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected only the current user browser session, that can easily be closed.
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.
HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
Directory traversal vulnerability in SAP CMS and CM Services allows attackers to upload arbitrary files via unspecified vectors.
SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper restriction of I/O buffering into encrypted SMTP sessions over the network which can partially impact the integrity of the application.
SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to inject arbitrary audit trail fields into the SYSLOG via vectors related to the SQL protocol, aka SAP Security Note 2197459.
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.
SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files.
The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513.
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data.
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors.
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.
An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. This could lead to information disclosure including stealing authentication information and impersonating the affected user.
Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.
SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to store a malicious script on SAP Lumira Server. The execution of the script content, by a victim registered on SAP Lumira Server, could compromise the confidentiality and integrity of SAP Lumira content.
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.
SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker.
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector than CVE-2006-5114.