45 matches found
CVE-2013-6244
The Live Update webdynpro application webdynpro/dispatcher/sap.com/tcslmuilup/LUP in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an...
CVE-2013-6244
The CVE-2013-6244 issue affects SAP NetWeaver 7.31 and earlier, in the Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP). The root cause is an XML External Entity (XXE) vulnerability where an XML document containing an external entity declaration and an entity ref...
SAP Portal webdynpro - information disclosure
Application: SAP NetWeaver J2EE 7.31 Vendor URL: SAP Bug: Information Disclosure Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 14.06.2016 Reference: SAP Security Note 2197262 Author: Alexander Polyakov VULNERABILITY INFORMATION Class: Information disclosure Impact:...
SAP Portal WebDynPro - Path disclosure
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1852146 CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:...
[Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-00: SAP WebDynpro Runtime XSS/CSS Injection This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...