Netweaver
Sign in to watchby SAP
CVEs (56)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-2815 | 0.00 | — | 0.03 | Apr 1, 2015 | Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. | ||
| CVE-2014-8592 | 0.00 | — | 0.02 | Nov 4, 2014 | Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. | ||
| CVE-2014-8591 | 0.00 | — | 0.01 | Nov 4, 2014 | Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. | ||
| CVE-2014-8587 | 0.00 | — | 0.01 | Nov 4, 2014 | SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | ||
| CVE-2014-6252 | 0.00 | — | 0.02 | Sep 5, 2014 | Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. | ||
| CVE-2014-4003 | 0.00 | — | 0.01 | Jun 9, 2014 | The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. | ||
| CVE-2013-7364 | 0.00 | — | 0.01 | Apr 10, 2014 | An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | ||
| CVE-2014-1965 | 0.00 | — | 0.00 | Feb 14, 2014 | Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. | ||
| CVE-2014-1964 | 0.00 | — | 0.00 | Feb 14, 2014 | Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | ||
| CVE-2014-1963 | 0.00 | — | 0.01 | Feb 14, 2014 | Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | ||
| CVE-2014-1961 | 0.00 | — | 0.00 | Feb 14, 2014 | Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | ||
| CVE-2014-1960 | 0.00 | — | 0.00 | Feb 14, 2014 | The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||
| CVE-2013-7094 | 0.00 | — | 0.01 | Dec 13, 2013 | SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2013-6869 | 0.00 | — | 0.00 | Nov 23, 2013 | SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2013-6823 | 0.00 | — | 0.00 | Nov 20, 2013 | GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||
| CVE-2013-6822 | 0.00 | — | 0.02 | Nov 20, 2013 | GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | ||
| CVE-2013-6821 | 0.00 | — | 0.00 | Nov 20, 2013 | Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | ||
| CVE-2013-6819 | 0.00 | — | 0.00 | Nov 20, 2013 | Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2013-6816 | 0.00 | — | 0.00 | Nov 20, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2013-6815 | 0.00 | — | 0.01 | Nov 20, 2013 | The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. |
Page 2 of 3