Lucene search

K

25 matches found

CVE
CVE
added 2012/05/15 4:21 a.m.122 views

CVE-2012-2612

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.8AI score0.22652EPSS
CVE
CVE
added 2012/05/15 4:21 a.m.114 views

CVE-2012-2514

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.7AI score0.22652EPSS
CVE
CVE
added 2013/11/20 2:12 p.m.90 views

CVE-2013-6815

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.

5CVSS6.9AI score0.00704EPSS
CVE
CVE
added 2013/02/12 8:55 p.m.66 views

CVE-2011-5263

Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.

4.3CVSS5.9AI score0.00475EPSS
CVE
CVE
added 2013/10/24 12:55 a.m.66 views

CVE-2013-6244

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to ...

5CVSS7AI score0.00718EPSS
CVE
CVE
added 2020/02/05 11:15 p.m.65 views

CVE-2011-1517

SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash.

9.8CVSS9.4AI score0.02368EPSS
CVE
CVE
added 2012/05/15 4:21 a.m.54 views

CVE-2012-2512

The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.8AI score0.22652EPSS
CVE
CVE
added 2014/05/19 2:55 p.m.53 views

CVE-2014-3787

SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.

5CVSS6.9AI score0.00319EPSS
CVE
CVE
added 2012/05/15 4:21 a.m.50 views

CVE-2012-2611

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.

9.3CVSS9.4AI score0.77664EPSS
CVE
CVE
added 2015/04/01 2:59 p.m.50 views

CVE-2015-2815

Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369.

6.5CVSS8.1AI score0.03458EPSS
CVE
CVE
added 2012/05/15 4:21 a.m.45 views

CVE-2012-2511

The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.8AI score0.16249EPSS
CVE
CVE
added 2012/05/15 4:21 a.m.42 views

CVE-2012-2513

The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.8AI score0.22782EPSS
CVE
CVE
added 2010/04/29 5:30 p.m.41 views

CVE-2010-1609

Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00309EPSS
CVE
CVE
added 2014/02/14 3:55 p.m.41 views

CVE-2014-1965

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.

4.3CVSS5.8AI score0.00329EPSS
CVE
CVE
added 2010/07/28 9:30 p.m.40 views

CVE-2010-2904

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.

4.3CVSS5.9AI score0.00545EPSS
CVE
CVE
added 2012/02/23 8:7 p.m.40 views

CVE-2012-1289

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4...

4CVSS6.6AI score0.00548EPSS
CVE
CVE
added 2012/02/23 8:7 p.m.40 views

CVE-2012-1292

Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.

5CVSS6.3AI score0.00357EPSS
CVE
CVE
added 2014/09/05 2:55 p.m.40 views

CVE-2014-6252

Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.

6.5CVSS7.9AI score0.02237EPSS
CVE
CVE
added 2012/02/23 8:7 p.m.39 views

CVE-2012-1290

Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.

4.3CVSS5.9AI score0.00329EPSS
CVE
CVE
added 2009/08/21 8:30 p.m.38 views

CVE-2009-2932

Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.

4.3CVSS5.9AI score0.00381EPSS
CVE
CVE
added 2013/02/12 8:55 p.m.38 views

CVE-2011-5260

Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3CVSS5.9AI score0.00285EPSS
CVE
CVE
added 2012/02/23 8:7 p.m.38 views

CVE-2012-1291

Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.

5CVSS6.5AI score0.00329EPSS
CVE
CVE
added 2018/07/10 6:29 p.m.36 views

CVE-2018-2434

A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementati...

4.3CVSS4.7AI score0.00137EPSS
CVE
CVE
added 2017/04/10 3:59 p.m.35 views

CVE-2016-10311

Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.

9.8CVSS9.3AI score0.04067EPSS
CVE
CVE
added 2013/09/16 7:14 p.m.33 views

CVE-2013-5751

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

5CVSS6.9AI score0.00504EPSS