Lucene search
+L

5 matches found

CVE
CVE
added 2017/01/23 9:0 p.m.79 views

CVE-2017-5372

SAP NetWeaver AS JAVA P4 MSPRuntimeInterface (MSPRuntimeInterface) in SERVERCORE is vulnerable to information disclosure due to missing authorization when calling getInformation, getParameters, getServiceInfo, getStatistic, or getClientStatistic. Public advisories (ErpScan ERPSCAN-16-037 and SAP ...

7.5CVSS7.3AI score0.03523EPSS
CVE
CVE
added 2010/07/28 9:0 p.m.55 views

CVE-2010-2904

CVE-2010-2904 documents describe multiple cross-site scripting (XSS) vulnerabilities in the SAP NetWeaver System Landscape Directory (SLD) component, affecting versions 6.4 through 7.02. The root cause involves injection of arbitrary web script or HTML via (1) the action parameter to testsdic and...

4.3CVSS5.9AI score0.01292EPSS
CVE
CVE
added 2009/01/28 6:0 p.m.53 views

CVE-2008-3358

CVE-2008-3358 is an XSS vulnerability in SAP NetWeaver Portal’s Web DynPro component. A crafted URI can reflect arbitrary script/HTML in a text/plain response when using Internet Explorer 7.0.5730, enabling remote attackers to execute client-side code in the victim’s browser. Root cause is unenco...

4.3CVSS5.1AI score0.01528EPSS
CVE
CVE
added 2011/12/08 7:0 p.m.51 views

CVE-2011-4707

CVE-2011-4707 involves multiple cross-site scripting (XSS) vulnerabilities in the SAP NetWeaver Virus Scan Interface. The flaws allow remote attackers to inject arbitrary web script or HTML via the following parameters: (1) instname to VsiTestScan servlet and (2) name to VsiTestServlet servlet. A...

4.3CVSS5.9AI score0.01148EPSS
CVE
CVE
added 2014/11/04 3:0 p.m.51 views

CVE-2014-8587

CVE-2014-8587 affects SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, used in SAP NetWeaver AS for ABAP and SAP HANA. The issue allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. Remediation: upgrade SAPCRYPTOLIB to ...

7.5CVSS6.8AI score0.01285EPSS