Vulnerabilities > SAP > Business Application Software Integrated Solution

DATE CVE VULNERABILITY TITLE RISK
2019-04-10 CVE-2019-0279 Missing Authorization vulnerability in SAP Business Application Software Integrated Solution
ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed in versions 7.0 to 7.02, 7.10 to 7.30, 7.31, 7.40, 7.50 to 7.53) do not perform necessary authorization checks in all circumstances for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-862
6.5
2018-12-11 CVE-2018-2494 Incorrect Authorization vulnerability in SAP Business Application Software Integrated Solution
Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.
network
low complexity
sap CWE-863
6.5
2018-03-01 CVE-2018-2367 Path Traversal vulnerability in SAP Business Application Software Integrated Solution
ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
network
low complexity
sap CWE-22
6.5
2018-01-09 CVE-2018-2363 Code Injection vulnerability in SAP products
SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice.
network
low complexity
sap CWE-94
6.5
2017-12-12 CVE-2017-16691 Improper Input Validation vulnerability in SAP Business Application Software Integrated Solution
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'.
network
sap CWE-20
5.8
2017-12-12 CVE-2017-16682 Code Injection vulnerability in SAP products
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
network
low complexity
sap CWE-94
6.5