SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSap Commoncryptolib
APPSap8.0.0Sap Content Server
APPSap6.507.537.54Sap Extended Application Services And Runtime
APPSap1.0Sap Hana Database
APPSap2.0Sap Host Agent
APPSap722Sap Netweaver Application Server Abap
APPSap7.22extkernel64nuc_7.22kernel64nuc_7.22extkernel64uc_7.22kernel64uc_7.22extkernel64uc_7.53kernel64uc_8.04kernel_7.22kernel_7.53kernel_7.54kernel_7.77kernel_7.85kernel_7.89kernel_7.91kernel_7.92+ 2 więcejSap Netweaver Application Server Java
APPSapkernel64nuc_7.22kernel64nuc_7.22extkernel64uc_7.22kernel64uc_7.22extkernel64uc_7.53kernel64uc_8.04kernel_7.22kernel_7.53kernel_7.54kernel_7.77kernel_7.85kernel_7.89kernel_7.91kernel_7.92kernel_7.93+ 1 więcejSap Sapssoext
APPSap17.0Sap Web Dispatcher
APPSap7.22ext7.537.547.777.857.89
Powiązane podatności
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Serve...
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authen...
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require ...
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to ex...
SAP CRM / S/4HANA Scripting Editor — nieautoryzowane wykonanie SQL