CVE-2014-6252
https://notcve.org/view.php?id=CVE-2014-6252
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. Desbordamiento de buffer en disp+work.exe 7000.52.12.34966 y 7200.117.19.50294 en el distribuidor de la plataforma SAP NetWeaver 7.00 y 7.20 permite a usuarios remotos autenticados causar una denegación de servicio o ejecutar código arbitrario a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/60496 https://erpscan.io/advisories/erpscan-14-011-sap-netweaver-dispatcher-buffer-overflow-rce-dos https://exchange.xforce.ibmcloud.com/vulnerabilities/96196 https://service.sap.com/sap/support/notes/2018221 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-3787
https://notcve.org/view.php?id=CVE-2014-3787
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. SAP NetWeaver 7.20 y anteriores permite a atacantes remotos leer tablas de SAP Central User Administration (SAP CUA) arbitrarias a través de vectores no especificados. • http://en.securitylab.ru/lab/PT-2014-09 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/58671 https://service.sap.com/sap/support/notes/1997455 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-1963
https://notcve.org/view.php?id=CVE-2014-1963
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. Vulnerabilidad no especificada en Message Server en SAP NetWeaver 7.20 permite a atacantes remotos causar una denegación de servicio a través de vectores de ataque desconocidos. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/56947 https://erpscan.io/advisories/erpscan-14-001-sap-netweaver-message-server-dos https://exchange.xforce.ibmcloud.com/vulnerabilities/91097 https://service.sap.com/sap/support/notes/1773912 •
CVE-2013-6815
https://notcve.org/view.php?id=CVE-2013-6815
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. La función SHSTI_UPLOAD_XML en Application Server for ABAP (AS ABAP) de SAP NetWeaver 7.31 y anteriores permite a atacantes remotos provocar una denegación de servicio a través de vectores sin especificar, relacionado con un problema XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55620 https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe https://service.sap.com/sap/support/notes/1890819 • CWE-20: Improper Input Validation •
CVE-2013-6244
https://notcve.org/view.php?id=CVE-2013-6244
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. La aplicacione Live Update WebDynpro (WebDynpro / distribuidor / sap.com / tc ~ slm ~ ui_lup / LUP) en SAP NetWeaver 7.31 y anteriores permite a atacantes remotos leer archivos arbitrarios y directorios a través de un documento XML que contiene una declaración de entidad externa en combinación con un referencia de la entidad, en relación con una cuestión entidad externa XML (XXE). • http://en.securitylab.ru/lab/PT-2013-13 http://osvdb.org/98892 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55302 http://www.securityfocus.com/bid/63302 https://service.sap.com/sap/support/notes/1820894 •