CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9569
https://notcve.org/view.php?id=CVE-2014-9569
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285. Múltiples vulnerabilidades de XSS en SAP NetWeaver Business Client (NWBC) para HTML 3.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) title o (2) roundtrips, también conocido como SAP Security Note 2051285. • http://secunia.com/advisories/62017 http://www.securitytracker.com/id/1031509 http://www.senseofsecurity.com.au/advisories/SOS-14-005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8663
https://notcve.org/view.php?id=CVE-2014-8663
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Data Basis (BW-WHM-DBA) en SAP NetWeaver Business Warehouse permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition http://service.sap.com/sap/support/notes/0001965819 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8590
https://notcve.org/view.php?id=CVE-2014-8590
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. Vulnerabilidad de entidad externa XML (XXE) en Web Service Navigator en SAP NetWeaver Application Server (AS) Java permite a atacantes remotos acceder a ficheros arbitrarios a través de una solicitud manipulada. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition http://www.securityfocus.com/bid/71023 https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014 https://exchange.xforce.ibmcloud.com/vulnerabilities/98581 https://service.sap.com/sap/support/notes/2045176 •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 1CVE-2014-8591
https://notcve.org/view.php?id=CVE-2014-8591
Unspecified vulnerability in SAP Internet Communication Manager (ICM), as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to cause a denial of service (process termination) via unknown vectors. Vulnerabilidad no especificada en SAP Internet Communication Manager (ICM), utilizado en SAP NetWeaver 7.02 y 7.3, permite a atacantes remotos causar una denegación de servicio (terminación de proceso) a través de vectores desconocidos. • http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition http://www.securityfocus.com/bid/71030 https://erpscan.io/advisories/erpscan-14-016-sap-netweaver-httpd-partial-http-post-requests-dos https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014 https://exchange.xforce.ibmcloud.com/vulnerabilities/98582 https://service.sap.com/sap/support/notes/1966655 https://twitter.com/SAP_Gsupport/status/524138333065449472 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8587
https://notcve.org/view.php?id=CVE-2014-8587
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. SAPCRYPTOLIB anterior a 5.555.38, SAPSECULIB, y CommonCryptoLib anterior a 8.4.30, utilizados en SAP NetWeaver AS para ABAP y SAP HANA, permiten a atacantes remotos falsificar firmas Digital Signature Algorithm (DSA) a través de vectores no especificados. • http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing http://secunia.com/advisories/57606 http://service.sap.com/sap/support/notes/2067859 https://twitter.com/SAP_Gsupport/status/522401681997570048 • CWE-310: Cryptographic Issues •