Netweaver Security Vulnerabilities and Issues — Netweaver CVE List

Lucene search

SapNetweaver

10 matches found

CVE•added 2012/05/15 4:21 a.m.•122 views

CVE-2012-2612

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.8AI score0.22652EPSS

CVE•added 2012/05/15 4:21 a.m.•114 views

CVE-2012-2514

The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.7AI score0.22652EPSS

CVE•added 2012/05/15 4:21 a.m.•54 views

CVE-2012-2512

The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.8AI score0.22652EPSS

CVE•added 2012/05/15 4:21 a.m.•50 views

CVE-2012-2611

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.

9.3CVSS9.4AI score0.77664EPSS

CVE•added 2012/05/15 4:21 a.m.•45 views

CVE-2012-2511

The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.8AI score0.16249EPSS

CVE•added 2012/05/15 4:21 a.m.•42 views

CVE-2012-2513

The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.

5CVSS8.8AI score0.22782EPSS

CVE•added 2012/02/23 8:7 p.m.•40 views

CVE-2012-1289

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4...

4CVSS6.6AI score0.00548EPSS

CVE•added 2012/02/23 8:7 p.m.•40 views

CVE-2012-1292

Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors.

5CVSS6.3AI score0.00357EPSS

CVE•added 2012/02/23 8:7 p.m.•39 views

CVE-2012-1290

Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.

4.3CVSS5.9AI score0.00329EPSS

CVE•added 2012/02/23 8:7 p.m.•38 views

CVE-2012-1291

Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service.

5CVSS6.5AI score0.00329EPSS