Vulnerabilities > SAP > SAP Kernel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-12 CVE-2019-0271 Improper Input Validation vulnerability in SAP products
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability.
network
low complexity
sap CWE-20
4.0
2018-08-14 CVE-2018-2441 Unspecified vulnerability in SAP Kernel
Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted.
network
low complexity
sap
5.5
2018-07-10 CVE-2018-2433 Unspecified vulnerability in SAP Kernel
SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
5.0
2018-01-09 CVE-2018-2360 Missing Authentication for Critical Function vulnerability in SAP Kernel 7.45/7.49/7.52
SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage.
network
low complexity
sap CWE-306
5.0
2017-12-12 CVE-2017-16689 Improper Authentication vulnerability in SAP Kernel
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
network
low complexity
sap CWE-287
6.5
2017-12-12 CVE-2017-16679 Open Redirect vulnerability in SAP Kernel
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
network
sap CWE-601
5.8
2017-02-15 CVE-2017-5997 Missing Release of Resource after Effective Lifetime vulnerability in SAP Kernel 7.21/7.22/7.42
The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972.
network
low complexity
sap CWE-772
5.0
2015-01-15 CVE-2014-9595 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Kernel 7.00/7.40
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
network
low complexity
sap CWE-119
6.5
2015-01-15 CVE-2014-9594 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Kernel 7.00/7.40
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
network
low complexity
sap CWE-119
6.5
2010-01-12 CVE-2009-4603 Denial Of Service vulnerability in SAP Kernel 'sapstartsrv'
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service (Management Console shutdown) via a crafted request.
network
low complexity
sap
5.0