SAP NetWeaver Application Server ABAP 791

CPE Details

SAP NetWeaver Application Server ABAP 791
sap
netweaver_application_server_abap
791
2023-03-16
18h26 +00:00
2023-07-14
11h10 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:sap:netweaver_application_server_abap:791:*:*:*:*:*:*:*

Informations

Vendor

sap

Product

netweaver_application_server_abap

Version

791

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-28763 2023-04-11 02h52 +00:00 SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
6.5
Moyen
CVE-2023-27501 2023-03-14 05h06 +00:00 SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity
9.6
Critique
CVE-2023-27270 2023-03-14 04h58 +00:00 SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
6.5
Moyen
CVE-2023-27269 2023-03-14 04h58 +00:00 SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files.  In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.
9.6
Critique
CVE-2023-25618 2023-03-14 04h51 +00:00 SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
6.5
Moyen
CVE-2023-26459 2023-03-14 04h45 +00:00 Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.
7.4
Haute