CVE-2021-37531

SAP NetWeaver Knowledge Management XML Forms versions – 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.

Source: CVE-2021-37531

CVE-2021-37535

SAP NetWeaver Application Server Java (JMS Connector Service) – versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.

Source: CVE-2021-37535

CVE-2021-38150

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions – 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid.

Source: CVE-2021-38150

CVE-2021-38163

SAP NetWeaver (Visual Composer 7.0 RT) versions – 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.

Source: CVE-2021-38163

CVE-2021-38162

SAP Web Dispatcher versions – 7.49, 7.53, 7.77, 7.81, KRNL64NUC – 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL – 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify any information on the server or consume server resources making it temporarily unavailable.

Source: CVE-2021-38162

CVE-2021-37532

SAP Business One version – 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.

Source: CVE-2021-37532

CVE-2021-33675

Under certain conditions, SAP Contact Center – version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim’s browser.

Source: CVE-2021-33675

CVE-2021-33688

SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained.

Source: CVE-2021-33688

CVE-2021-33686

Under certain conditions, SAP Business One version – 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.

Source: CVE-2021-33686

CVE-2021-36581

Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.

Source: CVE-2021-36581