CVE-2018-11415 – SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-11415
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product. SAP Internet Transaction Server 6200.x suffers from session fixation and cross site scripting vulnerabilities.
References:
• https://www.exploit-db.com/exploits/44755
• http://www.securityfocus.com/bid/104311
• https://github.com/0xd0m7/SAP
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-16682
https://notcve.org/view.php?id=CVE-2017-16682
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
References:
• http://www.securityfocus.com/bid/102143
• https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017
• https://launchpad.support.sap.com/#/notes/2526781
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2008-2123 – SAP Internet Transaction Server 6200.1017.50954.0 - Bu query String JavaScript Splicing Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2123
Cross-site scripting (XSS) vulnerability in WGate in SAP Internet Transaction Server (ITS) 6.20 allows remote attackers to inject arbitrary web script or HTML via (1) a "<>" sequence in the ~service parameter to wgate.dll, or (2) JavaScript splicing in the query string, a different vector than CVE-2006-5114.
References:
• https://www.exploit-db.com/exploits/31755
• https://www.exploit-db.com/exploits/31754
• http://secunia.com/advisories/30128
• http://www.portcullis-security.com/275.php
• http://www.securityfocus.com/bid/29103
• http://www.securitytracker.com/id?1019998
• http://www.vupen.com/english/advisories/2008/1466/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42281
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-5114 – SAP Internet Transaction Server 6.10/6.20 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5114
Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749.
References:
• https://www.exploit-db.com/exploits/28725
• http://secunia.com/advisories/22171
• http://securityreason.com/securityalert/1665
• http://www.securityfocus.com/archive/1/447262/100/0/threaded
• http://www.securityfocus.com/bid/20244
• http://www.vupen.com/english/advisories/2006/3894
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29245
CVE-2003-1037
https://notcve.org/view.php?id=CVE-2003-1037
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
References:
• http://securitytracker.com/id?1009453
• http://www.phenoelit.de/stuff/Phenoelit20c3.pd
• https://exchange.xforce.ibmcloud.com/vulnerabilities/15514