
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. SAP Netweaver versions prior to 7.01 suffer from an XXE injection vulnerability. • https://www.exploit-db.com/exploits/38261 http://packetstormsecurity.com/files/133627/SAP-Netweaver-XML-External-Entity-Injection.html http://www.securityfocus.com/archive/1/536504/100/0/threaded http://www.securityfocus.com/bid/76809 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. SAP NetWeaver J2EE engine version 7.40 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/134801/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html http://seclists.org/fulldisclosure/2015/Dec/66 http://www.securityfocus.com/archive/1/537109/100/0/threaded https://erpscan.io/advisories/erpscan-15-021-sap-netweaver-7-4-bp_find_jobs_with_program-sql-injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485. SAP NetWeaver version 7.4 suffers from an XML external entity injection vulnerability. • http://packetstormsecurity.com/files/134507/SAP-NetWeaver-7.4-XXE-Injection.html http://seclists.org/fulldisclosure/2015/Nov/92 http://www.securityfocus.com/archive/1/536957/100/0/threaded https://erpscan.io/advisories/erpscan-15-018-sap-netweaver-7-4-xxe

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 0

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982. • http://packetstormsecurity.com/files/133515/SAP-NetWeaver-AS-FKCDBFTRACE-ABAP-Hardcoded-Credentials.html http://packetstormsecurity.com/files/133516/SAP-NetWeaver-AS-LSCT1I13-ABAP-Hardcoded-Credentials.html http://scn.sap.com/community/security/blog/2015/06/11/sap-security-notes-june-2015 http://www.securityfocus.com/bid/75165 https://erpscan.io/advisories/erpscan-15-015-sap-netweaver-hardcoded-credentials https://erpscan.io/advisories/erpscan-15-016-sap-netweaver-hardcoded-credentials • CWE-255: Credentials Management Errors

CVSS: 5.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. • http://seclists.org/fulldisclosure/2015/May/96 http://www.securityfocus.com/bid/74799