CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2470
https://notcve.org/view.php?id=CVE-2018-2470
09 Oct 2018 — In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. En SAP NetWeaver Application Server for ABAP desde la versión 7.0 hasta la 7.02, 7.30, 7.31, 7.40 y de la versión 7.50 a la 7.53, las aplicaciones no cifran lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/105551 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2018-2464
https://notcve.org/view.php?id=CVE-2018-2464
11 Sep 2018 — SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. SAP WebDynpro Java 7.20, 7.30, 7.31, 7.40 y 7.50 no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) persistente. • http://www.securityfocus.com/bid/105308 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-2434
https://notcve.org/view.php?id=CVE-2018-2434
10 Jul 2018 — A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (UI_700, 2.0): SAP NetWeaver 7.00 Implementation, SAP User Interface Technology (SAP_UI 7.4, 7.5, 7.51, 7.52). There is little impact as it is not possible to embed active contents such as JavaScript or hyperlinks. Una vulnerabilidad de suplantación de conten... • http://www.securityfocus.com/bid/105088 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-10311
https://notcve.org/view.php?id=CVE-2016-10311
10 Apr 2017 — Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238. El desbordamiento de búfer basado en pila en SAP NetWeaver desde 7.0 hasta la versión 7.5 permite a atacantes remotos causar una denegación de servicio () enviando un paquete manipulado al puerto SAPSTARTSRV, también conocido como Nota de seguridad de SAP 2295238. • https://erpscan.io/advisories/erpscan-16-030-sap-netweaver-sapstartsrv-stack-based-buffer-overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4015 – SAP NetWeaver Enqueue Server 7.4 Denial of Service
https://notcve.org/view.php?id=CVE-2016-4015
14 Apr 2016 — The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted request, aka SAP Security Note 2258784. El Enqueue Server en SAP NetWeaver JAVA AS 7.1 hasta la versión 7.4 permite a atacantes remotos causar una denegación de servicio (caída de proceso) a través de una petición manipulada, también conocida como SAP Security Note 2258784. SAP NetWeaver Enqueue Server version 7.4 suffers from a denial of service vulnerability. • https://erpscan.io/advisories/erpscan-16-019-sap-netweaver-enqueue-server-dos-vulnerability •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 4CVE-2016-4014 – SAP NetWeaver AS JAVA 7.4 XXE Injection
https://notcve.org/view.php?id=CVE-2016-4014
14 Apr 2016 — XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389. Vulnerabilidad de XXE en el componente UDDI en SAP NetWeaver JAVA AS 7.4 permite a atacantes remotos provocar una denegación de servicio (cuelgue del sistema) a través de un DTD manipulado en una petición XML para uddi/api/replication, también conocido como SAP ... • https://packetstorm.news/files/id/137919 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2015-7241 – SAP NetWeaver < 7.01 - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2015-7241
21 Sep 2015 — XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. Existe una vulnerabilidad de tipo XML External Entity (XEE) en versiones de SAP Netweaver anteriores a la 7.01. SAP Netweaver versions prior to 7.01 suffer from an XXE injection vulnerability. • https://packetstorm.news/files/id/133627 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-2815 – SAP NetWeaver Dispatcher Buffer Overflow
https://notcve.org/view.php?id=CVE-2015-2815
01 Apr 2015 — Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2063369. Desbordamiento de buffer en la función C_SAPGPARAM en NetWeaver Dispatcher en SAP KERNEL 7.00 (7000.52.12.34966) y 7.40 (7400.12.21.30308) permite a usuarios remotos autenticados causar una denegación de servicio o posib... • http://packetstormsecurity.com/files/132353/SAP-NetWeaver-Dispatcher-Buffer-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 1CVE-2014-8591
https://notcve.org/view.php?id=CVE-2014-8591
04 Nov 2014 — Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. Vulnerabilidad no especificada en SAP Internet Communication Manager (ICM), utilizado en SAP NetWeaver 7.02 y 7.3, permite a atacantes remotos causar una denegación de servicio (terminación de proceso) a través de vectores desconocidos. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2014-8592
https://notcve.org/view.php?id=CVE-2014-8592
04 Nov 2014 — Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via a crafted request. Vulnerabilidad no especificada en SAP Host Agent, utilizado en SAP NetWeaver 7.02 y 7.3, permite a atacantes remotos causar una denegación de servicio (terminación de proceso) a través de una solicitud manipulada. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition •