Netweaver@* Security Vulnerabilities and Issues — Netweaver@* CVE List

Lucene search

SapNetweaver*

4 matches found

CVE•added 2013/11/20 2:12 p.m.•90 views

CVE-2013-6815

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.

5CVSS6.9AI score0.00704EPSS

CVE•added 2013/02/12 8:55 p.m.•66 views

CVE-2011-5263

Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.

4.3CVSS5.9AI score0.00475EPSS

CVE•added 2013/10/24 12:55 a.m.•66 views

CVE-2013-6244

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to ...

5CVSS7AI score0.00718EPSS

CVE•added 2013/11/20 2:12 p.m.•41 views

CVE-2013-6814

The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors.

5.8CVSS6.5AI score0.00307EPSS