Show filters
58 Total Results
Displaying 51-58 of 58
Sort by:
Attacker Value
Unknown

CVE-2018-2415

Disclosure Date: May 09, 2018 (last updated November 26, 2024)
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.
0
0
Attacker Value
Unknown

CVE-2018-2368

Disclosure Date: March 01, 2018 (last updated November 26, 2024)
SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity.
0
0
Attacker Value
Unknown

CVE-2014-3787

Disclosure Date: May 19, 2014 (last updated October 05, 2023)
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2014-1965

Disclosure Date: February 14, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.
0
0
Attacker Value
Unknown

CVE-2013-6815

Disclosure Date: November 20, 2013 (last updated October 05, 2023)
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
0
0
Attacker Value
Unknown

CVE-2013-6244

Disclosure Date: October 24, 2013 (last updated October 05, 2023)
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
0
0
Attacker Value
Unknown

CVE-2013-5751

Disclosure Date: September 16, 2013 (last updated October 05, 2023)
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2011-5263

Disclosure Date: February 12, 2013 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter.
0
0
View More Topics  < Previous