
CVSS: 7.5 | EPSS: 74% | CPEs: 4 | EXPL: 1

A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN. • http://www.securityfocus.com/bid/57956 http://www.securitytracker.com/id/1028148 https://exchange.xforce.ibmcloud.com/vulnerabilities/82065 https://packetstormsecurity.com/files/cve/CVE-2013-1593 https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities • CWE-129: Improper Validation of Array Index

CVSS: 4.3 | EPSS: 0% | CPEs: 8 | EXPL: 1

Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter. • http://dsecrg.com/pages/vul/show.php?id=337 http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4 http://www.securityfocus.com/archive/1/520555/100/0/threaded https://erpscan.io/advisories/dsecrg-11-037-sap-bw-doc-multiple-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 9 | EXPL: 1

Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SAP NetWeaver 7.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the server parameter. • http://dsecrg.com/pages/vul/show.php?id=330 http://secunia.com/advisories/45708 http://www.sdn.sap.com/irj/scn/index?rid=/webcontent/uuid/50316177-762d-2f10-0993-a2206cc349b4 http://www.securityfocus.com/archive/1/520551/100/0/threaded http://www.securityfocus.com/bid/49266/info https://exchange.xforce.ibmcloud.com/vulnerabilities/69331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 12% | CPEs: 2 | EXPL: 3

The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. • https://www.exploit-db.com/exploits/20705 https://www.exploit-db.com/exploits/18853 http://scn.sap.com/docs/DOC-8218 http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities http://www.securitytracker.com/id?1027052 https://exchange.xforce.ibmcloud.com/vulnerabilities/75452 https://service.sap.com/sap/support/notes/1687910 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 94% | CPEs: 2 | EXPL: 4

The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. • https://www.exploit-db.com/exploits/20705 https://www.exploit-db.com/exploits/18853 https://www.exploit-db.com/exploits/21034 http://scn.sap.com/docs/DOC-8218 http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities http://www.securitytracker.com/id?1027052 https://service.sap.com/sap/support/notes/1687910 • CWE-20: Improper Input Validation