CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 0CVE-2013-6815
https://notcve.org/view.php?id=CVE-2013-6815
19 Nov 2013 — The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. La función SHSTI_UPLOAD_XML en Application Server for ABAP (AS ABAP) de SAP NetWeaver 7.31 y anteriores permite a atacantes remotos provocar una denegación de servicio a través de vectores sin especificar, relacionado con un problema XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6244
https://notcve.org/view.php?id=CVE-2013-6244
24 Oct 2013 — The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. La aplicacione Live Update WebDynpro (WebDynpro / distribuidor / sap.com / tc ~ slm ~ ui_lup / LUP) en SAP NetWeaver 7.31 y anteriores permite a atacantes remotos leer archivos ... • http://en.securitylab.ru/lab/PT-2013-13 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2013-5751
https://notcve.org/view.php?id=CVE-2013-5751
16 Sep 2013 — Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de recorrido de directorios en SAP NetWeaver 7.x permite a atacantes remotos leer ficheros arbitrarios a través de vectores no especificados • http://en.securitylab.ru/lab/PT-2012-24 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1CVE-2011-5263
https://notcve.org/view.php?id=CVE-2011-5263
12 Feb 2013 — Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en RetrieveMailExamples en SAP NetWeaver v7.30 y anteriores, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través del parámetro "server". • http://dsecrg.com/pages/vul/show.php?id=330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •