Netweaver Security Vulnerabilities and Issues — Netweaver CVE List

Lucene search

SapNetweaver

13 matches found

CVE•added 2014/05/19 2:55 p.m.•53 views

CVE-2014-3787

SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.

5CVSS6.9AI score0.00319EPSS

CVE•added 2014/11/06 3:55 p.m.•49 views

CVE-2014-0995

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

5CVSS6.5AI score0.29647EPSS

CVE•added 2014/02/14 3:55 p.m.•44 views

CVE-2014-1964

Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error.

4.3CVSS5.8AI score0.00329EPSS

CVE•added 2014/06/09 8:55 p.m.•43 views

CVE-2014-4003

The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.

7.5CVSS6.4AI score0.01207EPSS

CVE•added 2014/02/14 3:55 p.m.•41 views

CVE-2014-1960

The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS6.3AI score0.00357EPSS

CVE•added 2014/02/14 3:55 p.m.•41 views

CVE-2014-1961

Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.

5CVSS6.3AI score0.00354EPSS

CVE•added 2014/02/14 3:55 p.m.•41 views

CVE-2014-1965

Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.

4.3CVSS5.8AI score0.00329EPSS

CVE•added 2014/09/05 2:55 p.m.•40 views

CVE-2014-6252

Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.

6.5CVSS7.9AI score0.02237EPSS

CVE•added 2014/11/04 3:55 p.m.•40 views

CVE-2014-8592

Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request.

5CVSS6.8AI score0.0189EPSS

CVE•added 2014/04/10 8:55 p.m.•39 views

CVE-2013-7364

An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors.

7.5CVSS7AI score0.00675EPSS

CVE•added 2014/11/04 3:55 p.m.•38 views

CVE-2014-8587

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

7.5CVSS6.8AI score0.00585EPSS

CVE•added 2014/02/14 3:55 p.m.•35 views

CVE-2014-1963

Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors.

5CVSS6.8AI score0.0073EPSS

CVE•added 2014/11/04 3:55 p.m.•35 views

CVE-2014-8591

Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors.

5CVSS6.8AI score0.01389EPSS