admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-07-14 12:00:55 +00:00
parent 27f3c5395a
commit bf10246e14
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
15 changed files with 1280 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/7xxx/CVE-2018-7801.json
View File

@ -66,6 +66,11 @@
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01"
},
{
"refsource": "FULLDISC",
"name": "20210714 SEC Consult SA-20210714-0 :: Critical vulnerabilities in Schneider Electric EVlink Charging Stations",
"url": "http://seclists.org/fulldisclosure/2021/Jul/32"
}
]
}

67
2021/33xxx/CVE-2021-33667.json
View File

@ -4,14 +4,75 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Business Objects Web Intelligence (BI Launchpad)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "420"
},
{
"version_name": "<",
"version_value": "430"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a part of the frontend application, which would otherwise be restricted."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3044751",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3044751"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
}
]
}

87
2021/33xxx/CVE-2021-33670.json
View File

@ -4,14 +4,95 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS for Java (Http Service)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10"
},
{
"version_name": "<",
"version_value": "7.11"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3056652",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3056652"
}
]
}

83
2021/33xxx/CVE-2021-33671.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Guided Procedures (Administration Workset)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/3059446",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3059446"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
}
]
}

83
2021/33xxx/CVE-2021-33676.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33676",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP CRM",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "700"
},
{
"version_name": "<",
"version_value": "701"
},
{
"version_name": "<",
"version_value": "702"
},
{
"version_name": "<",
"version_value": "712"
},
{
"version_name": "<",
"version_value": "713"
},
{
"version_name": "<",
"version_value": "714"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.8",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authority Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3066316",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3066316"
}
]
}

95
2021/33xxx/CVE-2021-33677.json
View File

@ -4,14 +4,103 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33677",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "700"
},
{
"version_name": "<",
"version_value": "702"
},
{
"version_name": "<",
"version_value": "730"
},
{
"version_name": "<",
"version_value": "731"
},
{
"version_name": "<",
"version_value": "804"
},
{
"version_name": "<",
"version_value": "740"
},
{
"version_name": "<",
"version_value": "750"
},
{
"version_name": "<",
"version_value": "784"
},
{
"version_name": "<",
"version_value": "DEV"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3044754",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3044754"
}
]
}

131
2021/33xxx/CVE-2021-33678.json
View File

@ -4,14 +4,139 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33678",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP (Reconciliation Framework)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "700"
},
{
"version_name": "<",
"version_value": "701"
},
{
"version_name": "<",
"version_value": "702"
},
{
"version_name": "<",
"version_value": "710"
},
{
"version_name": "<",
"version_value": "711"
},
{
"version_name": "<",
"version_value": "730"
},
{
"version_name": "<",
"version_value": "731"
},
{
"version_name": "<",
"version_value": "740"
},
{
"version_name": "<",
"version_value": "750"
},
{
"version_name": "<",
"version_value": "751"
},
{
"version_name": "<",
"version_value": "752"
},
{
"version_name": "<",
"version_value": "75A"
},
{
"version_name": "<",
"version_value": "75B"
},
{
"version_name": "<",
"version_value": "75B"
},
{
"version_name": "<",
"version_value": "75C"
},
{
"version_name": "<",
"version_value": "75D"
},
{
"version_name": "<",
"version_value": "75E"
},
{
"version_name": "<",
"version_value": "75F"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-95 (Code Injection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3048657",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3048657"
}
]
}

63
2021/33xxx/CVE-2021-33680.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33680",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP 3D Visual Enterprise Viewer",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming temporarily unavailable until the user restarts the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 (Buffer Overflow)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3067890",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3067890"
}
]
}

63
2021/33xxx/CVE-2021-33681.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33681",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP 3D Visual Enterprise Viewer",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9.0"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becoming temporarily unavailable until the user restarts the application."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 (Out-of-bounds Write)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3067890",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3067890"
}
]
}

63
2021/33xxx/CVE-2021-33682.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33682",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Lumira Server",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "2.4"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to store a malicious script on SAP Lumira Server. The execution of the script content, by a victim registered on SAP Lumira Server, could compromise the confidentiality and integrity of SAP Lumira content."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3053403",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3053403"
}
]
}

199
2021/33xxx/CVE-2021-33683.json
View File

@ -4,14 +4,207 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33683",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Web Dispatcher and Internet Communication Manager",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "KRNL32NUC 7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "KRNL32UC 7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "KRNL64NUC 7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "KRNL64UC 7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.53"
},
{
"version_name": "<",
"version_value": "7.73"
},
{
"version_name": "<",
"version_value": "WEBDISP 7.53"
},
{
"version_name": "<",
"version_value": "7.73"
},
{
"version_name": "<",
"version_value": "7.77"
},
{
"version_name": "<",
"version_value": "7.81"
},
{
"version_name": "<",
"version_value": "7.82"
},
{
"version_name": "<",
"version_value": "7.83"
},
{
"version_name": "<",
"version_value": "KERNEL 7.21"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.53"
},
{
"version_name": "<",
"version_value": "7.73"
},
{
"version_name": "<",
"version_value": "7.77"
},
{
"version_name": "<",
"version_value": "7.81"
},
{
"version_name": "<",
"version_value": "7.82"
},
{
"version_name": "<",
"version_value": "7.83"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444 (HTTP Request Smuggling)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3000663",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3000663"
}
]
}

179
2021/33xxx/CVE-2021-33684.json
View File

@ -4,14 +4,187 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33684",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP and ABAP Platform",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "KRNL32NUC 7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "KRNL32UC 7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "KRNL64NUC 7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "KRNL64UC 8.04"
},
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.53"
},
{
"version_name": "<",
"version_value": "KERNEL 8.04"
},
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.53"
},
{
"version_name": "<",
"version_value": "7.77"
},
{
"version_name": "<",
"version_value": "7.81"
},
{
"version_name": "<",
"version_value": "7.84"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84, allows an attacker to send overlong content in the RFC request type thereby crashing the corresponding work process because of memory corruption vulnerability. The work process will attempt to restart itself after the crash and hence the impact on the availability is low."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3032624",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3032624"
}
]
}

83
2021/33xxx/CVE-2021-33687.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33687",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS JAVA (Enterprise Portal)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other attacks such as XSS to steal this information."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3059764",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3059764"
}
]
}

63
2021/33xxx/CVE-2021-33689.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-33689",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS JAVA (Administrator applications)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Logging (CWE-778)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"
},
{
"url": "https://launchpad.support.sap.com/#/notes/3038594",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/3038594"
}
]
}

61
2021/35xxx/CVE-2021-35469.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-35469",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-35469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://support.lexmark.com/alerts/",
"refsource": "MISC",
"name": "http://support.lexmark.com/alerts/"
},
{
"refsource": "MISC",
"name": "http://support.lexmark.com/index?id=TE952&page=content&locale=en&userlocale=EN_US",
"url": "http://support.lexmark.com/index?id=TE952&page=content&locale=en&userlocale=EN_US"
}
]
}