Netweaver@- Security Vulnerabilities and Issues — Netweaver@- CVE List

Lucene search

SapNetweaver-

13 matches found

CVE•added 2015/06/24 2:59 p.m.•87 views

CVE-2015-5067

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982.

7.5CVSS6.8AI score0.01584EPSS

CVE•added 2013/11/20 2:12 p.m.•52 views

CVE-2013-6822

GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue.

10CVSS7.2AI score0.0152EPSS

CVE•added 2014/02/14 3:55 p.m.•44 views

CVE-2014-1964

Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.

4.3CVSS5.8AI score0.00329EPSS

CVE•added 2014/06/09 8:55 p.m.•43 views

CVE-2014-4003

The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.

7.5CVSS6.4AI score0.01207EPSS

CVE•added 2014/02/14 3:55 p.m.•41 views

CVE-2014-1960

The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS6.3AI score0.00357EPSS

CVE•added 2014/02/14 3:55 p.m.•41 views

CVE-2014-1961

Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.

5CVSS6.3AI score0.00354EPSS

CVE•added 2018/01/09 3:29 p.m.•41 views

CVE-2018-2363

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by exec...

8.8CVSS9AI score0.0078EPSS

CVE•added 2014/04/10 8:55 p.m.•39 views

CVE-2013-7364

An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.

7.5CVSS7AI score0.00675EPSS

CVE•added 2013/02/12 8:55 p.m.•38 views

CVE-2011-5260

Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3CVSS5.9AI score0.00285EPSS

CVE•added 2013/11/20 2:12 p.m.•37 views

CVE-2013-6821

Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors.

5CVSS6.9AI score0.00149EPSS

CVE•added 2013/11/20 2:12 p.m.•36 views

CVE-2013-6819

Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00254EPSS

CVE•added 2013/11/20 2:12 p.m.•34 views

CVE-2013-6816

Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.9AI score0.00329EPSS

CVE•added 2013/11/20 2:12 p.m.•33 views

CVE-2013-6823

GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.

6.4CVSS6.9AI score0.00178EPSS