Netweaver@7.10 Security Vulnerabilities and Issues — Netweaver@7.10 CVE List

Lucene search

SapNetweaver7.10

10 matches found

CVE•added 2013/11/20 2:12 p.m.•90 views

CVE-2013-6815

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.

5CVSS6.9AI score0.00704EPSS

CVE•added 2020/03/10 9:15 p.m.•74 views

CVE-2020-6203

SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to...

9.1CVSS8.9AI score0.00978EPSS

CVE•added 2013/02/12 8:55 p.m.•66 views

CVE-2011-5263

Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.

4.3CVSS5.9AI score0.00475EPSS

CVE•added 2013/10/24 12:55 a.m.•66 views

CVE-2013-6244

The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to ...

5CVSS7AI score0.00718EPSS

CVE•added 2014/05/19 2:55 p.m.•53 views

CVE-2014-3787

SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.

5CVSS6.9AI score0.00319EPSS

CVE•added 2021/03/09 3:15 p.m.•49 views

CVE-2021-21481

The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform an authorization check. This might allow an unauthorized attacker to access configuration objects, including such that grant administrative privileges. This could result in compl...

9.6CVSS8.5AI score0.00156EPSS

CVE•added 2014/02/14 3:55 p.m.•41 views

CVE-2014-1965

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.

4.3CVSS5.8AI score0.00329EPSS

CVE•added 2019/08/14 2:15 p.m.•37 views

CVE-2019-0351

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Because of this, an attacker can exploit Services Registry potentially enabling them to take complete control of the product, including viewing, changing, ...

8.8CVSS8.8AI score0.02279EPSS

CVE•added 2013/09/16 7:14 p.m.•33 views

CVE-2013-5751

Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.

5CVSS6.9AI score0.00504EPSS

CVE•added 2020/07/14 1:15 p.m.•32 views

CVE-2020-6285

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

7.7CVSS6.3AI score0.00256EPSS