5 matches found
CVE-2017-5372
SAP NetWeaver AS JAVA P4 MSPRuntimeInterface (MSPRuntimeInterface) in SERVERCORE is vulnerable to information disclosure due to missing authorization when calling getInformation, getParameters, getServiceInfo, getStatistic, or getClientStatistic. Public advisories (ErpScan ERPSCAN-16-037 and SAP ...
CVE-2010-2904
CVE-2010-2904 documents describe multiple cross-site scripting (XSS) vulnerabilities in the SAP NetWeaver System Landscape Directory (SLD) component, affecting versions 6.4 through 7.02. The root cause involves injection of arbitrary web script or HTML via (1) the action parameter to testsdic and...
CVE-2008-3358
CVE-2008-3358 is an XSS vulnerability in SAP NetWeaver Portal’s Web DynPro component. A crafted URI can reflect arbitrary script/HTML in a text/plain response when using Internet Explorer 7.0.5730, enabling remote attackers to execute client-side code in the victim’s browser. Root cause is unenco...
CVE-2011-4707
CVE-2011-4707 involves multiple cross-site scripting (XSS) vulnerabilities in the SAP NetWeaver Virus Scan Interface. The flaws allow remote attackers to inject arbitrary web script or HTML via the following parameters: (1) instname to VsiTestScan servlet and (2) name to VsiTestServlet servlet. A...
CVE-2014-8587
CVE-2014-8587 affects SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, used in SAP NetWeaver AS for ABAP and SAP HANA. The issue allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. Remediation: upgrade SAPCRYPTOLIB to ...