CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2811
https://notcve.org/view.php?id=CVE-2015-2811
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. Vulnerabilidad de entidad externa XML (XXE) en ReportXmlViewer en SAP NetWeaver Portal 7.31.201109172004 permite a atacantes remotos enviar solicitudes a servidores de intranet a través de XML manipulado, también conocido como la nota de seguridad de SAP Security 2111939. • http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html http://seclists.org/fulldisclosure/2015/Jun/64 http://www.securityfocus.com/archive/1/535827/100/800/threaded http://www.securityfocus.com/bid/73691 https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-2812
https://notcve.org/view.php?id=CVE-2015-2812
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. Vulnerabilidad de entidad externa XML (XXE) en XMLValidationComponent en SAP NetWeaver Portal 7.31.201109172004 permite a atacantes remotos enviar solicitudes a servidores de intranet a través de XML manipulado, también conocido como la nota de seguridad de SAP 2093966. • http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html http://seclists.org/fulldisclosure/2015/Jun/62 http://www.securityfocus.com/archive/1/535826/100/800/threaded https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7367
https://notcve.org/view.php?id=CVE-2013-7367
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors. SAP Enterprise Portal no restringe debidamente acceso a las páginas de configuración Federation, lo que permite a atacantes remotos ganar privilegios a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2013-02/0130.html http://scn.sap.com/docs/DOC-8218 http://www.onapsis.com/get.php?resid=adv_onapsis-2013-001 http://www.onapsis.com/research-advisories.php https://service.sap.com/sap/support/notes/1658947 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7365
https://notcve.org/view.php?id=CVE-2013-7365
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Vulnerabilidad de XSS en SAP Enterprise Portal permite a atacantes remotos inyectar script Web o HTML a través de parámetros no especificados. • http://archives.neohapsis.com/archives/bugtraq/2013-02/0132.html http://scn.sap.com/docs/DOC-8218 http://www.onapsis.com/get.php?resid=adv_onapsis-2013-003 http://www.onapsis.com/research-advisories.php http://www.securityfocus.com/bid/58155 https://service.sap.com/sap/support/notes/1589716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •