CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1309
https://notcve.org/view.php?id=CVE-2015-1309
22 Jan 2015 — XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. Vulnerabilidad de entidad externa XML en Extended Computer Aided Test Tool (eCATT) en SAP NetWeaver AS ABAP 7.31 y anteriores permite a atacantes remotos acceder a ficheros arbitrarios a través de una solicitud XML manipulada, relacionado con EC... • http://secunia.com/advisories/62469 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8312
https://notcve.org/view.php?id=CVE-2014-8312
16 Oct 2014 — Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. Business Warehouse (BW) en SAP Netweaver AS ABAP 7.31 permite a usuarios remotos autenticados obtener información sensible a través de peticiones a la función RFC RSDU_CCMS_GET_PROFILE_PARAM. • http://packetstormsecurity.com/files/128603/SAP-Business-Warehouse-Missing-Authorization-Check.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3130
https://notcve.org/view.php?id=CVE-2014-3130
30 Apr 2014 — The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages. Las herramientas de documentación y traducción ABAP Help (BC-DOC-HLP) en Basis en SAP Netweaver ABAP Application Server no restringe debidamente acceso, lo que permite a usuarios locales ganar privilegios y ejecutar instrucciones ABAP a través de mensajes de ayud... • http://scn.sap.com/docs/DOC-8218 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 11%CPEs: 3EXPL: 0CVE-2012-4341
https://notcve.org/view.php?id=CVE-2012-4341
15 Aug 2012 — Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. Múltiples vulnerabilidades de desbordamiento de búfer basado en pila, en msg_server.exe en SAP NetWeaver ABAP v7.x permite a atacantes remotos causar una denegación de servicio (c... • http://scn.sap.com/docs/DOC-8218 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •