CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 4CVE-2014-0995 – SAP NetWeaver Enqueue Server - Denial of Service
https://notcve.org/view.php?id=CVE-2014-0995
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern. El servidor Standalone Enqueue en SAP Netweaver 7.20, 7.01, y anteriores permite a atacantes remotos causar una denegación de servicio (recursión sin control y caída) a través de un nivel de traza con un comodín en la pauta de traza (Trace Pattern). • https://www.exploit-db.com/exploits/35000 http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition http://packetstormsecurity.com/files/128726/SAP-Netweaver-Enqueue-Server-Trace-Pattern-Denial-Of-Service.html http://seclists.org/fulldisclosure/2014/Oct/76 http://secunia.com/advisories/60950 http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability http://www.securityfocus.com/archive/1/533719/100/0/threaded https://exchange.xforce.ibmclou • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2014-6252
https://notcve.org/view.php?id=CVE-2014-6252
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors. Desbordamiento de buffer en disp+work.exe 7000.52.12.34966 y 7200.117.19.50294 en el distribuidor de la plataforma SAP NetWeaver 7.00 y 7.20 permite a usuarios remotos autenticados causar una denegación de servicio o ejecutar código arbitrario a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/60496 https://erpscan.io/advisories/erpscan-14-011-sap-netweaver-dispatcher-buffer-overflow-rce-dos https://exchange.xforce.ibmcloud.com/vulnerabilities/96196 https://service.sap.com/sap/support/notes/2018221 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3787
https://notcve.org/view.php?id=CVE-2014-3787
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors. SAP NetWeaver 7.20 y anteriores permite a atacantes remotos leer tablas de SAP Central User Administration (SAP CUA) arbitrarias a través de vectores no especificados. • http://en.securitylab.ru/lab/PT-2014-09 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/58671 https://service.sap.com/sap/support/notes/1997455 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2014-1965
https://notcve.org/view.php?id=CVE-2014-1965
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. Vulnerabilidad de XSS en ISpeakAdapter en Integration Repository en el componente SAP Exchange Infrastructure (BC-XI) 3.0, 7.00 hasta 7.02 y 7.10 hasta 7.11 para SAP NetWeaver permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con PIP. • http://secunia.com/advisories/56947 http://www.stechno.net/sap-notes.html?view=sapnote&id=1442517 https://erpscan.io/advisories/erpscan-14-006-sap-netweaver-pip-xss https://exchange.xforce.ibmcloud.com/vulnerabilities/91094 https://service.sap.com/sap/support/notes/1442517 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-6814
https://notcve.org/view.php?id=CVE-2013-6814
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. J2EE Engine en SAP NetWeaver 6.40, 7.02, y anteriores versiones permite a atacantes remotos redirigir usuarios a sitios web arbitrarios para llevar a cabo ataques de phishing, y obtener información sensible (cookies y SAPPASSPORT) a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55778 https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect https://service.sap.com/sap/support/notes/1854826 • CWE-20: Improper Input Validation •