CVE-2014-1965
https://notcve.org/view.php?id=CVE-2014-1965
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP. Vulnerabilidad de XSS en ISpeakAdapter en Integration Repository en el componente SAP Exchange Infrastructure (BC-XI) 3.0, 7.00 hasta 7.02 y 7.10 hasta 7.11 para SAP NetWeaver permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con PIP. • http://secunia.com/advisories/56947 http://www.stechno.net/sap-notes.html?view=sapnote&id=1442517 https://erpscan.io/advisories/erpscan-14-006-sap-netweaver-pip-xss https://exchange.xforce.ibmcloud.com/vulnerabilities/91094 https://service.sap.com/sap/support/notes/1442517 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6815
https://notcve.org/view.php?id=CVE-2013-6815
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. La función SHSTI_UPLOAD_XML en Application Server for ABAP (AS ABAP) de SAP NetWeaver 7.31 y anteriores permite a atacantes remotos provocar una denegación de servicio a través de vectores sin especificar, relacionado con un problema XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55620 https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe https://service.sap.com/sap/support/notes/1890819 • CWE-20: Improper Input Validation •
CVE-2013-6244
https://notcve.org/view.php?id=CVE-2013-6244
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. La aplicacione Live Update WebDynpro (WebDynpro / distribuidor / sap.com / tc ~ slm ~ ui_lup / LUP) en SAP NetWeaver 7.31 y anteriores permite a atacantes remotos leer archivos arbitrarios y directorios a través de un documento XML que contiene una declaración de entidad externa en combinación con un referencia de la entidad, en relación con una cuestión entidad externa XML (XXE). • http://en.securitylab.ru/lab/PT-2013-13 http://osvdb.org/98892 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55302 http://www.securityfocus.com/bid/63302 https://service.sap.com/sap/support/notes/1820894 •
CVE-2013-5751
https://notcve.org/view.php?id=CVE-2013-5751
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de recorrido de directorios en SAP NetWeaver 7.x permite a atacantes remotos leer ficheros arbitrarios a través de vectores no especificados • http://en.securitylab.ru/lab/PT-2012-24 http://osvdb.org/97350 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/54809 http://www.securityfocus.com/bid/62391 https://exchange.xforce.ibmcloud.com/vulnerabilities/87121 https://websmp230.sap-ag.de/sap/support/notes/1779578 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-3319 – SAP Host Agent Information Disclosure
https://notcve.org/view.php?id=CVE-2013-3319
The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. El metodo GetComputerSystem en el servicio HostControl en SAP Netweaver v7.03 permite a atacantes remotos obtener información sensible a través de una solicitud SOAP manipulada al puerto TCP 1128. • http://labs.integrity.pt/advisories/cve-2013-3319 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/54277 https://exchange.xforce.ibmcloud.com/vulnerabilities/85905 https://service.sap.com/sap/support/notes/1816536 https://launchpad.support.sap.com/#/notes/1816536 https://labs.integrity.pt/advisories/cve-2013-3319 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •