VYPR

Netweaver

by SAP

CVEs (113)

  • CVE-2014-3787May 19, 2014
    risk 0.00cvss epss 0.01

    SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.

  • CVE-2014-3129Apr 30, 2014
    risk 0.00cvss epss 0.02

    The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.

  • CVE-2013-7364Apr 10, 2014
    risk 0.00cvss epss 0.02

    An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.

  • CVE-2014-1965Feb 14, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors…

  • CVE-2014-1964Feb 14, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.

  • CVE-2014-1963Feb 14, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.

  • CVE-2014-1961Feb 14, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.

  • CVE-2014-1960Feb 14, 2014
    risk 0.00cvss epss 0.01

    The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2013-7094Dec 13, 2013
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2013-6869Nov 23, 2013
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2013-6823Nov 20, 2013
    risk 0.00cvss epss 0.01

    GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2013-6822Nov 20, 2013
    risk 0.00cvss epss 0.02

    GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.

  • CVE-2013-6821Nov 20, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2013-6819Nov 20, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-6816Nov 20, 2013
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-6815Nov 20, 2013
    risk 0.00cvss epss 0.02

    The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.

  • CVE-2013-6814Nov 20, 2013
    risk 0.00cvss epss 0.02

    The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

  • CVE-2013-6244Oct 24, 2013
    risk 0.00cvss epss 0.02

    The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity…

  • CVE-2013-5751Sep 16, 2013
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2013-5723Sep 12, 2013
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."

Page 5 of 6