CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2478
https://notcve.org/view.php?id=CVE-2018-2478
13 Nov 2018 — An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4551 – SAP Netweaver 2004s Invalid Address Logging
https://notcve.org/view.php?id=CVE-2016-4551
03 Oct 2016 — The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. Los componentes (1) SAP_BASIS y (2) SAP_ABA 7.00 SP Level 0031 en SAP NetWeaver 2004s podría permitir a atacantes remotos suplantar direcciones IP escritas en el Security Audit Log a través de vectores relacionados con el entorno de red, vulnerabilidad también co... • http://seclists.org/fulldisclosure/2016/Oct/3 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3063 – SAP BASIS Communication Services Command Execution
https://notcve.org/view.php?id=CVE-2013-3063
16 Apr 2013 — SAP BASIS Communication Services 4.6B through 7.30 allows remote authenticated users to execute arbitrary commands via unspecified vectors. SAP BASIS Communication Services v4.6B través de v7.30 permite a los usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados. SAP Basis Components versions 4.6B through 7.30 suffer from a remote command injection vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0179.html •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3495
https://notcve.org/view.php?id=CVE-2007-3495
29 Jun 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SAP Internet Communication Framework (BC-MID-ICF) en el componente de SAP Basis 700 anterior a SP12, y 640 anterior a SP20, pe... • http://osvdb.org/37749 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2007-3496
https://notcve.org/view.php?id=CVE-2007-3496
29 Jun 2007 — Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en SAP Web Dynpro Java (BC-WD-JAV) en SAP NetWeaver Nw04 SP15 hasta SP19 y Nw04s SP7 hasta SP11, t... • http://osvdb.org/37748 •