CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6818
https://notcve.org/view.php?id=CVE-2013-6818
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. SAP NetWeaver Logviewer 6.30, cuando se ejecuta en Windows, permite a atacantes remotos evadir restricciones de acceso intencionadas a través de vectores sin especificar. • http://scn.sap.com/docs/DOC-8218 https://erpscan.io/advisories/dsecrg-13-008-sap-netweaver-logviewer-security-check-bypass https://service.sap.com/sap/support/notes/1685106 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6821
https://notcve.org/view.php?id=CVE-2013-6821
Directory traversal vulnerability in the Exportability Check Service in SAP NetWeaver allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de recorrido de directorio en Exportability Check Service de SAP NetWeaver permite a atacantes remotos leer archivos arbitrarios a través de vectores sin especificar. • http://scn.sap.com/docs/DOC-8218 https://erpscan.io/advisories/dsecrg-13-003-sap-netweaver-exportability-check-service-unauthorized-directory-traversal https://service.sap.com/sap/support/notes/1628537 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0CVE-2013-6815
https://notcve.org/view.php?id=CVE-2013-6815
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue. La función SHSTI_UPLOAD_XML en Application Server for ABAP (AS ABAP) de SAP NetWeaver 7.31 y anteriores permite a atacantes remotos provocar una denegación de servicio a través de vectores sin especificar, relacionado con un problema XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55620 https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe https://service.sap.com/sap/support/notes/1890819 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6819
https://notcve.org/view.php?id=CVE-2013-6819
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Performance Provider in SAP NetWeaver permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores sin especificar. • http://scn.sap.com/docs/DOC-8218 https://erpscan.io/advisories/dsecrg-13-006-sap-netweaver-performance-provider-xss https://service.sap.com/sap/support/notes/1784894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6823
https://notcve.org/view.php?id=CVE-2013-6823
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. GRMGApp en SAP NetWeaver permite a atacantes remotos evadir restricciones de acceso intencionadas a través de vectores sin especificar. • http://scn.sap.com/docs/DOC-8218 https://erpscan.io/advisories/dsecrg-13-002-sap-grmgapp-xxe-and-authentication-bypass • CWE-264: Permissions, Privileges, and Access Controls •