CVE-2014-4160
https://notcve.org/view.php?id=CVE-2014-4160
Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.
• http://blog.emaze.net/2014/05/sap-multiple-vulnerabilities.html
  http://scn.sap.com/docs/DOC-8218
  http://www.securityfocus.com/bid/67995
  https://service.sap.com/sap/support/notes/1932505
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4003
https://notcve.org/view.php?id=CVE-2014-4003
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.
• http://packetstormsecurity.com/files/126986/SAP-SLD-Information-Tampering.html
  http://scn.sap.com/docs/DOC-8218
  http://seclists.org/fulldisclosure/2014/Jun/37
  http://secunia.com/advisories/58633
  http://www.securityfocus.com/archive/1/532331/100/0/threaded
  http://www.securityfocus.com/bid/67923
  https://service.sap.com/sap/support/notes/1939334
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3787
https://notcve.org/view.php?id=CVE-2014-3787
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
• http://en.securitylab.ru/lab/PT-2014-09
  http://scn.sap.com/docs/DOC-8218
  http://secunia.com/advisories/58671
  https://service.sap.com/sap/support/notes/1997455
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3130
https://notcve.org/view.php?id=CVE-2014-3130
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP NetWeaver ABAP Application Server do not properly restrict access, which allows local users to gain privileges and execute ABAP instructions via crafted help messages.
• http://scn.sap.com/docs/DOC-8218
  http://seclists.org/fulldisclosure/2014/Apr/302
  http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-009
  http://www.securityfocus.com/bid/67108
  https://service.sap.com/sap/support/notes/1910914
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-3133
https://notcve.org/view.php?id=CVE-2014-3133
SAP NetWeaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection.
• http://scn.sap.com/docs/DOC-8218
  http://seclists.org/fulldisclosure/2014/Apr/301
  http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-008
  http://www.securityfocus.com/bid/67104
  https://service.sap.com/sap/support/notes/1922547
• CWE-264: Permissions, Privileges, and Access Controls