VYPR

Netweaver

by SAP

CVEs (113)

  • CVE-2020-6184 · Feb 12, 2020
    risk 0.00 · cvss · epss 0.01

    Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54) does not sufficiently encode user-controlled inputs, resulting in a Reflected Cross-Site Scripting (XSS) vulnerability.

  • CVE-2020-6193 · Feb 12, 2020
    risk 0.00 · cvss · epss 0.01

    SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability.

  • CVE-2011-1517 · Feb 5, 2020
    risk 0.00 · cvss · epss 0.04

    SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.

  • CVE-2013-1593 · Jan 23, 2020
    risk 0.00 · cvss · epss 0.02

    A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.

  • CVE-2019-0270 · Mar 12, 2019
    risk 0.00 · cvss · epss 0.01

    ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT,…

  • CVE-2018-2494 · Dec 11, 2018
    risk 0.00 · cvss · epss 0.01

    Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Platform.

  • CVE-2018-2477 · Nov 13, 2018
    risk 0.00 · cvss · epss 0.02

    Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.

  • CVE-2018-2476 · Nov 13, 2018
    risk 0.00 · cvss · epss 0.01

    Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.

  • CVE-2015-6662 · Aug 24, 2015
    risk 0.00 · cvss · epss 0.02

    XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.

  • CVE-2015-5067 · Jun 24, 2015
    risk 0.00 · cvss · epss 0.03

    The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.

  • CVE-2015-2282 · Jun 2, 2015
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and…

  • CVE-2015-2278 · Jun 2, 2015
    risk 0.00 · cvss · epss 0.02

    The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows…

  • CVE-2015-3981 · May 12, 2015
    risk 0.00 · cvss · epss 0.02

    SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037.

  • CVE-2015-2817 · Apr 1, 2015
    risk 0.00 · cvss · epss 0.02

    The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.

  • CVE-2015-2815 · Apr 1, 2015
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security…

  • CVE-2014-8592 · Nov 4, 2014
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request.

  • CVE-2014-8591 · Nov 4, 2014
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors.

  • CVE-2014-8587 · Nov 4, 2014
    risk 0.00 · cvss · epss 0.01

    SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

  • CVE-2014-6252 · Sep 5, 2014
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.

  • CVE-2014-4003 · Jun 9, 2014
    risk 0.00 · cvss · epss 0.03

    The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.
