CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6816
https://notcve.org/view.php?id=CVE-2013-6816
Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en servlets (1) JavaDumpServices y (2) DataCollector de SAP NetWeaver permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores sin especificar. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55777 https://erpscan.io/advisories/erpscan-13-018-sap-netweaver-servlet-javadumpservice-multiple-xss https://erpscan.io/advisories/erpscan-13-019-sap-netweaver-servlet-datacollector-multiple-xss https://service.sap.com/sap/support/notes/1828801 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6822
https://notcve.org/view.php?id=CVE-2013-6822
GRMGApp in SAP NetWeaver allows remote attackers to have unspecified impact and attack vectors, related to an XML External Entity (XXE) issue. GRMGApp en SAP NetWeaver permite a atacantes remotos conseguir un impacto y vectores de ataque sin especificar, relacionado con un problema de XML External Entity (XXE). • http://scn.sap.com/docs/DOC-8218 https://erpscan.io/advisories/dsecrg-13-002-sap-grmgapp-xxe-and-authentication-bypass •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-6814
https://notcve.org/view.php?id=CVE-2013-6814
The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote attackers to redirect users to arbitrary web sites, conduct phishing attacks, and obtain sensitive information (cookies and SAPPASSPORT) via unspecified vectors. J2EE Engine en SAP NetWeaver 6.40, 7.02, y anteriores versiones permite a atacantes remotos redirigir usuarios a sitios web arbitrarios para llevar a cabo ataques de phishing, y obtener información sensible (cookies y SAPPASSPORT) a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55778 https://erpscan.io/advisories/erpscan-13-021-sap-portal-unvalidated-redirect https://service.sap.com/sap/support/notes/1854826 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2013-6244
https://notcve.org/view.php?id=CVE-2013-6244
The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. La aplicacione Live Update WebDynpro (WebDynpro / distribuidor / sap.com / tc ~ slm ~ ui_lup / LUP) en SAP NetWeaver 7.31 y anteriores permite a atacantes remotos leer archivos arbitrarios y directorios a través de un documento XML que contiene una declaración de entidad externa en combinación con un referencia de la entidad, en relación con una cuestión entidad externa XML (XXE). • http://en.securitylab.ru/lab/PT-2013-13 http://osvdb.org/98892 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55302 http://www.securityfocus.com/bid/63302 https://service.sap.com/sap/support/notes/1820894 •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2013-5751
https://notcve.org/view.php?id=CVE-2013-5751
Directory traversal vulnerability in SAP NetWeaver 7.x allows remote attackers to read arbitrary files via unspecified vectors. Vulnerabilidad de recorrido de directorios en SAP NetWeaver 7.x permite a atacantes remotos leer ficheros arbitrarios a través de vectores no especificados • http://en.securitylab.ru/lab/PT-2012-24 http://osvdb.org/97350 http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/54809 http://www.securityfocus.com/bid/62391 https://exchange.xforce.ibmcloud.com/vulnerabilities/87121 https://websmp230.sap-ag.de/sap/support/notes/1779578 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •