CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3129
https://notcve.org/view.php?id=CVE-2014-3129
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1. Java Server Pages en Software Lifecycle Manager (SLM) en SAP NetWeaver permite a atacantes remotos obtener información sensible a través de una solicitud manipulada, relacionado con SAP Solution Manager 7.1. • http://scn.sap.com/docs/DOC-8218 http://seclists.org/fulldisclosure/2014/Apr/294 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-005 http://www.securityfocus.com/bid/67147 http://www.securitytracker.com/id/1030157 https://service.sap.com/sap/support/notes/1894049 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7364
https://notcve.org/view.php?id=CVE-2013-7364
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. Un servicio del núcleo de J2EE no especificado en J2EE Engine en SAP NetWeaver no restringe debidamente el acceso, lo que permite a atacantes remotos leer o escribir hacia archivos arbitrarios a través de vectores desconocidos. • http://archives.neohapsis.com/archives/bugtraq/2013-02/0133.html http://scn.sap.com/docs/DOC-8218 http://www.onapsis.com/get.php?resid=adv_onapsis-2013-004 http://www.onapsis.com/research-advisories.php https://service.sap.com/sap/support/notes/1682613 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1964
https://notcve.org/view.php?id=CVE-2014-1964
Cross-site scripting (XSS) vulnerability in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to the ESR application and a DIR error. Vulnerabilidad de XSS en Integration Repository en el componente SAP Exchange Infrastructure (BC-XI) en SAP NetWeaver permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores relacionados con la aplicación ESR y un error DIR. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/56947 https://erpscan.io/advisories/erpscan-14-005-sap-netweaver-dir-error-xss https://exchange.xforce.ibmcloud.com/vulnerabilities/91095 https://service.sap.com/sap/support/notes/1788080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1963
https://notcve.org/view.php?id=CVE-2014-1963
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allows remote attackers to cause a denial of service via unknown attack vectors. Vulnerabilidad no especificada en Message Server en SAP NetWeaver 7.20 permite a atacantes remotos causar una denegación de servicio a través de vectores de ataque desconocidos. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/56947 https://erpscan.io/advisories/erpscan-14-001-sap-netweaver-message-server-dos https://exchange.xforce.ibmcloud.com/vulnerabilities/91097 https://service.sap.com/sap/support/notes/1773912 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2014-1960
https://notcve.org/view.php?id=CVE-2014-1960
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. Solution Manager en SAP NetWeaver no restringe debidamente el acceso, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/56942 https://erpscan.io/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure https://exchange.xforce.ibmcloud.com/vulnerabilities/91093 https://service.sap.com/sap/support/notes/1828885 • CWE-264: Permissions, Privileges, and Access Controls •