CVE-2014-1961
https://notcve.org/view.php?id=CVE-2014-1961
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors.
• http://scn.sap.com/docs/DOC-8218
• http://secunia.com/advisories/56947
• https://erpscan.io/advisories/erpscan-14-002-sap-portal-webdynpro-path-disclosure
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91096
• https://service.sap.com/sap/support/notes/1852146
CVE-2014-1965
https://notcve.org/view.php?id=CVE-2014-1965
Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integration Repository in the SAP Exchange Infrastructure (BC-XI) component 3.0, 7.00 through 7.02, and 7.10 through 7.11 for SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via vectors related to PIP.
• http://secunia.com/advisories/56947
• http://www.stechno.net/sap-notes.html?view=sapnote&id=1442517
• https://erpscan.io/advisories/erpscan-14-006-sap-netweaver-pip-xss
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91094
• https://service.sap.com/sap/support/notes/1442517
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-7094
https://notcve.org/view.php?id=CVE-2013-7094
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
• http://scn.sap.com/docs/DOC-8218
• http://secunia.com/advisories/56061
• http://www.securityfocus.com/bid/64232
• https://erpscan.io/advisories/erpscan-13-022-sap-netweaver-rsddcver_count_tab_cols-potential-sql-injection
• https://exchange.xforce.ibmcloud.com/vulnerabilities/89603
• https://service.sap.com/sap/support/notes/1836718
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-6869
https://notcve.org/view.php?id=CVE-2013-6869
SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
• http://scn.sap.com/docs/DOC-8218
• http://secunia.com/advisories/55736
• http://www.securitytracker.com/id/1029352
• https://erpscan.io/advisories/erpscan-13-017-sap-netweaver-srtt_get_count_before_key_rfc-sql-injection
• https://service.sap.com/sap/support/notes/1783795
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-6820
https://notcve.org/view.php?id=CVE-2013-6820
Unrestricted file upload vulnerability in the SAP NetWeaver Development Infrastructure (NWDI) allows remote attackers to execute arbitrary code by uploading a file with an executable extension via unspecified vectors.
• http://scn.sap.com/docs/DOC-8218
• https://erpscan.io/advisories/dsecrg-13-004-sap-netweaver-di-arbitrary-file-upload
• https://service.sap.com/sap/support/notes/1757675