Vulnerabilities > SAP > SAP Kernel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-12 | CVE-2019-0271 | Improper Input Validation vulnerability in SAP products ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. | 4.0 |
| 2018-08-14 | CVE-2018-2441 | Unspecified vulnerability in SAP Kernel Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. | 5.5 |
| 2018-07-10 | CVE-2018-2433 | Unspecified vulnerability in SAP Kernel SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | 5.0 |
| 2018-01-09 | CVE-2018-2360 | Missing Authentication for Critical Function vulnerability in SAP Kernel 7.45/7.49/7.52 SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | 5.0 |
| 2017-12-12 | CVE-2017-16689 | Improper Authentication vulnerability in SAP Kernel A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. | 6.5 |
| 2017-12-12 | CVE-2017-16679 | Open Redirect vulnerability in SAP Kernel URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. | 5.8 |
| 2017-02-15 | CVE-2017-5997 | Missing Release of Resource after Effective Lifetime vulnerability in SAP Kernel 7.21/7.22/7.42 The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972. | 5.0 |
| 2015-01-15 | CVE-2014-9595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Kernel 7.00/7.40 Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271. | 6.5 |
| 2015-01-15 | CVE-2014-9594 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Kernel 7.00/7.40 Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734. | 6.5 |
| 2010-01-12 | CVE-2009-4603 | Denial Of Service vulnerability in SAP Kernel 'sapstartsrv' Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request. | 5.0 |