CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6823
https://notcve.org/view.php?id=CVE-2013-6823
19 Nov 2013 — GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. GRMGApp en SAP NetWeaver permite a atacantes remotos evadir restricciones de acceso intencionadas a través de vectores sin especificar. • http://scn.sap.com/docs/DOC-8218 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6822
https://notcve.org/view.php?id=CVE-2013-6822
19 Nov 2013 — GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. GRMGApp en SAP NetWeaver permite a atacantes remotos conseguir un impacto y vectores de ataque sin especificar, relacionado con un problema de XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6818
https://notcve.org/view.php?id=CVE-2013-6818
19 Nov 2013 — SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. SAP NetWeaver Logviewer 6.30, cuando se ejecuta en Windows, permite a atacantes remotos evadir restricciones de acceso intencionadas a través de vectores sin especificar. • http://scn.sap.com/docs/DOC-8218 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 13EXPL: 0CVE-2013-6815
https://notcve.org/view.php?id=CVE-2013-6815
19 Nov 2013 — The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. La función SHSTI_UPLOAD_XML en Application Server for ABAP (AS ABAP) de SAP NetWeaver 7.31 y anteriores permite a atacantes remotos provocar una denegación de servicio a través de vectores sin especificar, relacionado con un problema XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-6814
https://notcve.org/view.php?id=CVE-2013-6814
19 Nov 2013 — The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. J2EE Engine en SAP NetWeaver 6.40, 7.02, y anteriores versiones permite a atacantes remotos redirigir usuarios a sitios web arbitrarios para llevar a cabo ataques de phishing, y obtener información sensible (cookies y SAPPASSPORT) a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6819
https://notcve.org/view.php?id=CVE-2013-6819
19 Nov 2013 — Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Performance Provider in SAP NetWeaver permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores sin especificar. • http://scn.sap.com/docs/DOC-8218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2013-3243
https://notcve.org/view.php?id=CVE-2013-3243
28 Oct 2013 — Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. Vulnerabilidad sin especificar en OpenText/IXOS ECM para SAP NetWeaver permite a atacantes remotos ejecutar código arbitrario ABAP a través de vectores sin especificar. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0214.html •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6244
https://notcve.org/view.php?id=CVE-2013-6244
24 Oct 2013 — The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. La aplicacione Live Update WebDynpro (WebDynpro / distribuidor / sap.com / tc ~ slm ~ ui_lup / LUP) en SAP NetWeaver 7.31 y anteriores permite a atacantes remotos leer archivos ... • http://en.securitylab.ru/lab/PT-2013-13 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2013-5751
https://notcve.org/view.php?id=CVE-2013-5751
16 Sep 2013 — Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de recorrido de directorios en SAP NetWeaver 7.x permite a atacantes remotos leer ficheros arbitrarios a través de vectores no especificados • http://en.securitylab.ru/lab/PT-2012-24 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-5723
https://notcve.org/view.php?id=CVE-2013-5723
11 Sep 2013 — SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE." Vulnerabilidad de inyección SQL en SAP NetWeaver 7.30 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores sin especificar, relacionado con "ABAD0_DELETE_DERIVATION_TABLE." • http://osvdb.org/96900 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •