Lucene search

K
SapSap Web Application Server7.0

5 matches found

CVE
CVE
added 2005/11/16 9:22 p.m.55 views

CVE-2005-3634

frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.

5CVSS6.8AI score0.0214EPSS
CVE
CVE
added 2008/05/23 3:32 p.m.40 views

CVE-2008-2421

Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/.

4.3CVSS5.8AI score0.07699EPSS
CVE
CVE
added 2005/11/16 9:22 p.m.39 views

CVE-2005-3635

Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.

4.3CVSS6AI score0.16614EPSS
CVE
CVE
added 2007/07/06 7:30 p.m.39 views

CVE-2007-3615

Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a we...

7.8CVSS6.8AI score0.01968EPSS
CVE
CVE
added 2005/11/16 9:22 p.m.35 views

CVE-2005-3633

HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter.

5CVSS7AI score0.00979EPSS