Netweaver
by SAP
CVEs (113)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3787 | 0.00 | — | 0.01 | May 19, 2014 | SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. | |||
| CVE-2014-3129 | 0.00 | — | 0.02 | Apr 30, 2014 | The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. | |||
| CVE-2013-7364 | 0.00 | — | 0.02 | Apr 10, 2014 | An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||
| CVE-2014-1965 | 0.00 | — | 0.01 | Feb 14, 2014 | Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors… | |||
| CVE-2014-1964 | 0.00 | — | 0.01 | Feb 14, 2014 | Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. | |||
| CVE-2014-1963 | 0.00 | — | 0.02 | Feb 14, 2014 | Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. | |||
| CVE-2014-1961 | 0.00 | — | 0.02 | Feb 14, 2014 | Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors. | |||
| CVE-2014-1960 | 0.00 | — | 0.01 | Feb 14, 2014 | The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-7094 | 0.00 | — | 0.01 | Dec 13, 2013 | SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-6869 | 0.00 | — | 0.01 | Nov 23, 2013 | SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2013-6823 | 0.00 | — | 0.01 | Nov 20, 2013 | GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2013-6822 | 0.00 | — | 0.02 | Nov 20, 2013 | GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. | |||
| CVE-2013-6821 | 0.00 | — | 0.02 | Nov 20, 2013 | Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-6819 | 0.00 | — | 0.01 | Nov 20, 2013 | Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6816 | 0.00 | — | 0.01 | Nov 20, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6815 | 0.00 | — | 0.02 | Nov 20, 2013 | The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. | |||
| CVE-2013-6814 | 0.00 | — | 0.02 | Nov 20, 2013 | The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. | |||
| CVE-2013-6244 | 0.00 | — | 0.02 | Oct 24, 2013 | The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity… | |||
| CVE-2013-5751 | 0.00 | — | 0.02 | Sep 16, 2013 | Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2013-5723 | 0.00 | — | 0.02 | Sep 12, 2013 | SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." |
- CVE-2014-3787May 19, 2014risk 0.00cvss —epss 0.01
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
- CVE-2014-3129Apr 30, 2014risk 0.00cvss —epss 0.02
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.
- CVE-2013-7364Apr 10, 2014risk 0.00cvss —epss 0.02
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.
- CVE-2014-1965Feb 14, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors…
- CVE-2014-1964Feb 14, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.
- CVE-2014-1963Feb 14, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.
- CVE-2014-1961Feb 14, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.
- CVE-2014-1960Feb 14, 2014risk 0.00cvss —epss 0.01
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2013-7094Dec 13, 2013risk 0.00cvss —epss 0.01
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2013-6869Nov 23, 2013risk 0.00cvss —epss 0.01
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2013-6823Nov 20, 2013risk 0.00cvss —epss 0.01
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
- CVE-2013-6822Nov 20, 2013risk 0.00cvss —epss 0.02
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.
- CVE-2013-6821Nov 20, 2013risk 0.00cvss —epss 0.02
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.
- CVE-2013-6819Nov 20, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-6816Nov 20, 2013risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-6815Nov 20, 2013risk 0.00cvss —epss 0.02
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
- CVE-2013-6814Nov 20, 2013risk 0.00cvss —epss 0.02
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.
- CVE-2013-6244Oct 24, 2013risk 0.00cvss —epss 0.02
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity…
- CVE-2013-5751Sep 16, 2013risk 0.00cvss —epss 0.02
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
- CVE-2013-5723Sep 12, 2013risk 0.00cvss —epss 0.02
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
Page 5 of 6