Search
Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2107 | 2 Hp, Sap | 2 Operations Manager I Management Pack, Netweaver | 2019-10-09 | 6.8 MEDIUM | N/A |
| HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | |||||
| CVE-2014-0995 | 1 Sap | 1 Netweaver | 2018-12-13 | 5.0 MEDIUM | N/A |
| The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. | |||||
| CVE-2015-6662 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.8 MEDIUM | N/A |
| XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. | |||||
| CVE-2011-4707 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet. | |||||
| CVE-2011-5260 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." | |||||
| CVE-2013-6814 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.8 MEDIUM | N/A |
| The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | |||||
| CVE-2013-6815 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-6816 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6819 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6821 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-6822 | 1 Sap | 1 Netweaver | 2018-12-10 | 10.0 HIGH | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-6823 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.4 MEDIUM | N/A |
| GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2013-6869 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-7094 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2018-12-10 | 5.0 MEDIUM | N/A |
| The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-1961 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | |||||
| CVE-2014-1963 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
| CVE-2014-1964 | 1 Sap | 2 Netweaver, Netweaver Exchange Infrastructure \(bc-xi\) | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | |||||
| CVE-2014-1965 | 1 Sap | 1 Netweaver | 2018-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | |||||
| CVE-2014-6252 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.5 MEDIUM | N/A |
| Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-8591 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | |||||
| CVE-2014-8592 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | |||||
| CVE-2015-2815 | 1 Sap | 1 Netweaver | 2018-12-10 | 6.5 MEDIUM | N/A |
| Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | |||||
| CVE-2015-2817 | 1 Sap | 1 Netweaver | 2018-12-10 | 5.0 MEDIUM | N/A |
| The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | |||||
| CVE-2015-5067 | 1 Sap | 1 Netweaver | 2018-12-10 | 7.5 HIGH | N/A |
| The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. | |||||
| CVE-2008-3358 | 2 Microsoft, Sap | 2 Internet Explorer, Netweaver | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain document. | |||||
| CVE-2008-1846 | 1 Sap | 1 Netweaver | 2018-10-11 | 4.3 MEDIUM | N/A |
| The default configuration of SAP NetWeaver before 7.0 SP15 does not enable the "Always Use Secure HTML Editor" (aka Editor Security or Secure Editing) parameter, which allows remote attackers to conduct cross-site scripting (XSS) attacks by entering feedback for a file. | |||||
| CVE-2010-1609 | 1 Sap | 1 Netweaver | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-2932 | 1 Sap | 1 Netweaver | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field. | |||||
| CVE-2014-4003 | 1 Sap | 1 Netweaver | 2018-10-09 | 7.5 HIGH | N/A |
| The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | |||||
| CVE-2011-5263 | 1 Sap | 1 Netweaver | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. | |||||
| CVE-2012-2612 | 1 Sap | 1 Netweaver | 2017-12-29 | 5.0 MEDIUM | N/A |
| The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-2514 | 1 Sap | 1 Netweaver | 2017-12-06 | 5.0 MEDIUM | N/A |
| The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2013-5751 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2013-3319 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. | |||||
| CVE-2012-2513 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-1289 | 1 Sap | 1 Netweaver | 2017-08-29 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. | |||||
| CVE-2012-2511 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2012-2512 | 1 Sap | 1 Netweaver | 2017-08-29 | 5.0 MEDIUM | N/A |
| The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. | |||||
| CVE-2010-2904 | 1 Sap | 2 Netweaver, System Landscape Directory | 2017-08-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. | |||||
| CVE-2014-8587 | 1 Sap | 5 Commoncryptolib, Hana, Netweaver and 2 more | 2015-02-04 | 7.5 HIGH | N/A |
| SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | |||||
| CVE-2014-3787 | 1 Sap | 1 Netweaver | 2014-05-20 | 5.0 MEDIUM | N/A |
| SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | |||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2014-04-11 | 7.5 HIGH | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||||
| CVE-2013-3243 | 2 Opentext, Sap | 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver | 2013-11-22 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | |||||
| CVE-2013-6244 | 1 Sap | 1 Netweaver | 2013-10-31 | 5.0 MEDIUM | N/A |
| The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2012-2611 | 1 Sap | 1 Netweaver | 2012-08-19 | 9.3 HIGH | N/A |
| The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. | |||||
| CVE-2012-1292 | 1 Sap | 1 Netweaver | 2012-02-27 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. | |||||
| CVE-2012-1291 | 1 Sap | 1 Netweaver | 2012-02-24 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. | |||||
| CVE-2012-1290 | 1 Sap | 1 Netweaver | 2012-02-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. | |||||