Internet Transaction Server Security Vulnerabilities and Issues — Internet Transaction Server CVE List

Lucene search

SapInternet Transaction Server

9 matches found

CVE•added 2003/10/20 4:0 a.m.•55 views

CVE-2003-0748

Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can pr...

5CVSS6.8AI score0.06855EPSS

CVE•added 2018/05/24 7:29 p.m.•54 views

CVE-2018-11415

SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.

6.1CVSS6AI score0.02523EPSS

CVE•added 2003/10/20 4:0 a.m.•50 views

CVE-2003-0749

Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.

6.8CVSS5.9AI score0.05519EPSS

CVE•added 2006/10/03 4:3 a.m.•45 views

CVE-2006-5114

Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749.

6.8CVSS5.6AI score0.12081EPSS

CVE•added 2004/04/15 4:0 a.m.•43 views

CVE-2003-1038

The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.

5CVSS6.6AI score0.00346EPSS

CVE•added 2003/10/20 4:0 a.m.•42 views

CVE-2003-0747

wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which le...

5CVSS6.3AI score0.06855EPSS

CVE•added 2004/04/15 4:0 a.m.•39 views

CVE-2003-1037

Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."

7.5CVSS8AI score0.01922EPSS

CVE•added 2004/04/15 4:0 a.m.•34 views

CVE-2003-1036

Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.

7.5CVSS8.2AI score0.03077EPSS

CVE•added 2008/05/09 6:20 p.m.•28 views

CVE-2008-2123

Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) Javascript splicing in the query string, a different vector tha...

4.3CVSS5.7AI score0.14744EPSS